You thought 2020 was bad enough because of COVID-19? If that assumption holds, then the big news for July might as well be the massive Twitter hack that happened a few days ago, with targets including well-known figures from industry, politics, and even the online community.
The news broke when a suspicious yet familiar message was tweeted from the accounts of people such as Bill Gates, Joe Biden, Jeff Bezos, and Barack Obama, major companies like Apple and Uber, and even content creators such as MrBeast. Most of the messages lured the community into sending Bitcoin to an address, with the promise that the amount would be doubled and returned to them.
Usually, these types of scams are ignored because free-money ads and clickbait are in no short supply on social media. However, once the damage has been done or people with power are involved, even the FBI has no choice but to get involved in the investigation, mainly questioning the security of Twitter's systems. The US administration has been pressing social media giants for years for more transparency in their internal workings, and this incident might as well be the last straw that finalizes a bill on this matter.
On the other hand, Twitter has confirmed that no passwords were compromised; instead, employee tools were abused to gain access to the accounts. One account was protected from this breach, though: US President Donald Trump's account, which was reported to have special protections such that even dev tools aren't allowed to touch it. Twitter has, however, confirmed that roughly 130 accounts were affected by this incident.
Based on what we know right now, we believe approximately 130 accounts were targeted by the attackers in some way as part of the incident. For a small subset of these accounts, the attackers were able to gain control of the accounts and then send Tweets from those accounts.
— Twitter Support (@TwitterSupport) July 17, 2020
Meanwhile, take a look at the public profile of this Bitcoin wallet. A whole 12.868 BTC is in there. It is still hard to believe these are legit because no one has publicly claimed to have sent anything to whoever holds this wallet, and one may wonder why someone tech-savvy enough to know about Bitcoin would fall for such a blatantly obvious scam, with an overused template that rivals the Nigerian Prince level of deception. Some people suspect that these transactions were seeded to make the wallet look legitimate. Not sure what the motive behind such a move would be if that were true, though.
While such a massive breach happened because the platform failed in its responsibilities, we as users still need to keep our own security standards up to par. The most effective way is to enable two-factor authentication (2FA) wherever it is available for the online services you use, such as Google, Facebook, and Steam. It practically makes you phishing-proof at a basic level too.
But then again, it seems like Twitter's admin tools need a fix here. I don't think 2FA would have any effect in preventing such attacks from happening.