Comment: Apple, Biden, Gates, Musk and other high-profile Twitter accounts hacked in crypto scam
July 2020 by Ilia Kolochenko, Founder & CEO of ImmuniWeb
A number of high-profile Twitter accounts were simultaneously hacked on Wednesday by attackers who used the accounts — some with millions of followers — to spread a cryptocurrency scam.
Ilia Kolochenko, Founder & CEO of web security company ImmuniWeb, Master of Legal Studies (WASHU) & MS Criminal Justice and Cybercrime Investigation (BU), comments:
"This incident is truly unusual both by the audacity and creativity of the attackers. The scale of the reported attack and the diversity of the victims unambiguously point out that Twitter, or one of its key suppliers, has likely been breached by the attackers. We may seek other commonalities among the mushrooming victims, like a shared social media management company that may have been breached, but the chances are considerably lower of this being the cause of the attack. In both cases, if the attackers got access and managed to steal Twitter’s databases, and are not just opportunistically exploiting an unknown authentication bypass flaw in one of its systems, millions of users and enterprises are at critical risk of highly sophisticated phishing, ransomware, identity theft and many other attacks for the next few years.
"This attack is unprecedentedly smart and coordinated; it will likely bring fruits to the hackers behind it. This incident highlights the extreme fragility of the modern information space. In a similar disinformation campaign, nation-state actors may simply announce a military or nuclear incident and provoke national havoc, or spread fake news about a rival business to ruin its stock price and then purchase it for pennies.
"We expect Twitter to gradually share information about the course of investigation, and a detailed forensic report about the root causes of the incident."