The large-scale Twitter hack used for a bitcoin scam involved 130 accounts, according to Twitter. The attackers were able to send tweets from ‘a small part’ of them. The FBI is investigating the hack, which may be traceable to an account-takeover forum.
Twitter is still investigating Wednesday’s incident and says that, so far, some 130 accounts were targeted, a small number of which were actually taken over. The company is working with the owners of those accounts and is still assessing the impact; for example, it is not yet clear whether the attackers could read private messages. The ability to download Twitter data from the affected accounts remains blocked pending the investigation.
The biggest hack in Twitter’s history has now caught the attention of the FBI, the US Congress and New York authorities, NPR reports. The FBI warns people not to fall for the bitcoin scam. The governor of New York and the chairman of the Senate Commerce Committee want clarification from Twitter and point to the risks of fake news and the serious consequences of being able to take over the accounts of, for example, politicians.
On Wednesday it emerged that the Twitter accounts of Elon Musk, Bill Gates, Joe Biden, Warren Buffett, Kanye West and Uber, among others, posted messages calling on people to send bitcoin, with the scam promising that double the amount would be returned. Strikingly, the account of Geert Wilders was taken over at the same time without any bitcoin-scam messages being sent from it.
It is also striking that the account @6 was taken over. That account once belonged to the now deceased hacker Adrian Lamo, who, among other things, tipped off the US government that Chelsea Manning was the one who had passed secret information to WikiLeaks. The @6 account was managed by a friend of Lamo’s, Lucky225, who has described what happened.
According to him, on Wednesday he received via Google Voice a confirmation code for changing the password of the Twitter account. The attackers, however, had already changed the email address associated with the account, so the code was also sent there. Through social engineering, the attackers gained access to the admin panel used by Twitter employees, where they could change the email addresses associated with accounts and then reset the passwords. Apparently this could be done without the owner being notified, other than the text message with the code if a mobile number was linked and 2FA had not yet been switched off, Lucky225 writes.
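To make the weakness in that recovery flow concrete, the following is an added toy model, not Twitter’s code and not anything Lucky225 published. It assumes a hypothetical `AccountService` with an admin email-change function and an email-based password reset, and replays the sequence described above against two designs: the weak one, in which an email change is silent and the reset code simply goes to whatever address is current, and a hardened one, in which the previous email and linked phone are told about the change and a reset is refused for a cooldown period after it. The account, addresses and cooldown value are constructed for the example.

```python
"""Toy model of the account-recovery flow described above (added example).

Nothing here is Twitter's code; the class names, the 24h cooldown and the
sample account are assumptions made for illustration.
"""
from dataclasses import dataclass, field
from typing import Optional
import secrets


@dataclass
class Account:
    handle: str
    email: str
    phone: Optional[str] = None       # linked mobile number, if any
    two_factor: bool = True           # SMS 2FA still switched on?
    password: str = "old-password"
    email_changed_at: float = -1e9    # time of the last contact-email change


@dataclass
class Outbox:
    """Records every message the service sends as (channel, recipient, text)."""
    sent: list = field(default_factory=list)

    def send(self, channel: str, recipient: str, text: str) -> None:
        self.sent.append((channel, recipient, text))

    def to(self, recipient: str) -> list:
        return [m for m in self.sent if m[1] == recipient]


class AccountService:
    def __init__(self, hardened: bool, cooldown_s: float = 24 * 3600):
        self.hardened = hardened
        self.cooldown_s = cooldown_s
        self.outbox = Outbox()
        self._pending = {}            # handle -> outstanding reset code

    def admin_change_email(self, acct: Account, new_email: str, now: float) -> None:
        """Staff-tool action: point the account at a different contact email."""
        old_email = acct.email
        acct.email, acct.email_changed_at = new_email, now
        if self.hardened:
            # Tell the *previous* contacts, which the attacker does not control.
            note = f"{acct.handle}: contact email changed from {old_email} to {new_email}"
            self.outbox.send("email", old_email, note)
            if acct.phone:
                self.outbox.send("sms", acct.phone, note)

    def admin_disable_2fa(self, acct: Account) -> None:
        acct.two_factor = False

    def request_password_reset(self, acct: Account, now: float) -> bool:
        if self.hardened and now - acct.email_changed_at < self.cooldown_s:
            return False              # no resets shortly after a contact change
        code = secrets.token_hex(3)
        self._pending[acct.handle] = code
        self.outbox.send("email", acct.email, f"reset code {code}")
        # The one signal the real owner still gets in the weak design: the SMS
        # copy of the code, sent only while a phone is linked and 2FA is on.
        if acct.phone and acct.two_factor:
            self.outbox.send("sms", acct.phone, f"reset code {code}")
        return True

    def complete_reset(self, acct: Account, code: str, new_password: str) -> bool:
        if self._pending.get(acct.handle) != code:
            return False
        del self._pending[acct.handle]
        acct.password = new_password
        return True


def run_takeover(hardened: bool, disable_2fa_first: bool = False) -> dict:
    """Replay the sequence from the text and report what each side ended up with."""
    svc = AccountService(hardened)
    owner_email, owner_phone = "owner@example.org", "+15550000"    # constructed
    attacker_email = "attacker@example.net"                        # constructed
    acct = Account("@victim", owner_email, owner_phone)
    t = 1_000_000.0

    if disable_2fa_first:
        svc.admin_disable_2fa(acct)
    svc.admin_change_email(acct, attacker_email, now=t)
    allowed = svc.request_password_reset(acct, now=t + 60)
    # The attacker reads the code from the mailbox they now control.
    code = next((m[2].split()[-1] for m in svc.outbox.to(attacker_email)
                 if m[2].startswith("reset code")), None)
    taken = bool(code) and svc.complete_reset(acct, code, "attacker-pw")
    return {
        "reset_allowed": allowed,
        "account_taken": taken,
        "owner_email_msgs": len(svc.outbox.to(owner_email)),
        "owner_sms_msgs": len(svc.outbox.to(owner_phone)),
    }
```

In the weak design `run_takeover(False)` reports the account taken, nothing sent to the owner’s email and exactly one SMS (the stray code), which is the situation described above; disabling 2FA first removes even that SMS. With `hardened=True` the owner is notified on both old channels at the moment of the change and the reset itself is refused inside the cooldown.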
It is not clear whether the same attackers were behind Wednesday’s wave of hijacked accounts. Security researcher Brian Krebs points to a post on an account-hijacking forum by a user with the alias Chaewon, who claims to be able to change the email address of any Twitter account. He asked $250 for this and promised direct access to accounts for $2,000 to $3,000. The forum reportedly trades mainly in access to accounts taken over via SIM swapping.