Via TechCrunch (and other sources)
Yesterday, multiple high-profile accounts such as Jeff Bezos, Bill Gates, and Elon Musk were all tweeting and promising to double any bitcoins given to them. At around the same time, several organizations were tweeting about Crypto for Health, a new COVID-19 related initiative.
Unfortunately, it was all a scam and part of a hack that led to multiple Twitter account compromises. As a result, Twitter soon deleted some of the tweets and stopped users from being able to send their own tweets (most of the affected users were “verified” users).
The scam was simple – it asked for BTC, promising more in return, but the account would never give back any money. In just a few short hours, the hacker made over $100,000.
While details of the hack are still unclear, many are saying that the hacker was able to pay off an internal Twitter employee and leverage Twitter’s admin tool, which, among other things, makes it possible to control user account access, change associated emails, and suspend the user. The hacker has also spoken to several publications and provided these details, but the full picture is yet to be seen.
Twitter also posted a short thread with some details of the hack and their response.
UPDATE: There have also been several questions as to whether or not the hackers were able to read and/or send private DMs from the compromised accounts, which would be an even more severe privacy violation. Twitter has not yet made any statements about the issue, but the possibility has renewed calls for Twitter to make DMs end-to-end encrypted. This would stop Twitter from being able to read DMs and also protect the messages should a hack like this occur again.
To learn more about the Twitter hack, visit TechCrunch.