After the unravelling of security lapses in Zoom that were exploited by the wrongdoers to hack and gain access to virtual meetings, now Twitter has witnessed a similar storm of attack wherein the accounts of celebrities were hacked and used for perpetrating a Bitcoin scam. Accounts of Barack Obama, Bill Gates, Elon Musk, and others, as well as of tech companies like Apple and Uber were hacked and used for the scam.  

Twitter in its response said, “It was a coordinated social engineering attack targeting its employees with access to internal systems and tools. We know the hackers used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf." It added that steps were being taken to limit access to such internal systems and tools while the company's investigation was ongoing.

The scam erupted with tweets coming in from the aforementioned official twitter accounts asking everyone to send $1000 in return to which they would send $2000. A person involved in the underground hacking scene told TechCrunch that a hacker, who goes by the handle “Kirk” — likely not their real name — generated over $100,000 in a matter of hours by gaining access to an internal Twitter tool, which they used to take control of popular Twitter accounts. The hacker used the tool to reset the associated email addresses of affected accounts to make it more difficult for the owner to regain control. The hacker then pushed the cryptocurrency scam.

“What happened with Twitter earlier today is really unfortunate. This is a huge scale of an attack on high-profile targets, who were clearly chosen for their visibility. We feel gaining control of accounts and sending out tweets wasn’t the ultimate goal of the intruders. They could've changed, deleted or stolen data, gained access to private and highly confidential DMs etc. They have used the cryptocurrency scam as a power tool to prove to the world that they had sensitive information at hand. We've yet to see the full impact of what this attack was about and feel that there's more to unfold,” says Rajesh Chhabra, Sales Director, South Asia, Acronis.  

“In the current scheme of things where we are dealing with the pandemic and everyone is working remotely, protection of user and enterprise data becomes significantly important. There are new malwares entering the market with every passing day and it becomes imperative to have the mechanism in place to tackle these attacks, big or small. This can only be achieved through regular training programs established for or by cyber security experts in order to be in sync with the current technological advancements. 2FA, workstation patching and hardening can help prevent such cases. There is a whole methodology on privileged workstation security, but it's quite an extensive and time-consuming process to follow. We strongly recommend that brands should follow these protocols at regular intervals to avoid such incidents in the near future,” he adds.