The twitterers of the net can’t get over it. On the night of July 15, a hacker, or group of hackers, launched a large-scale scam on Twitter. The scam allowed them to raise more than two million dollars in bitcoin, according to the figures cited. What seems mind-blowing in this case is that the cyber criminals managed to obtain the credentials to access the administration tools of Twitter on the corporate network. This has enabled them to hijack accounts of eminent personalities and world famous companies, and to be able to reach, and therefore scam, millions of followers.
The scam happened as follows: once introduced into the accounts administration system, the cyber criminals began to take control of the celebrity accounts they targeted. They just changed the reference email addresses of these accounts, which are used in case of password reset. This has allowed cyber crooks to maintain control over hacked accounts, by preventing the rightful owner from changing their password.
A scam made possible by… we do not know yet
The hackers then posted tweets for a classic scam, claiming that bitcoin amounts sent to a defined address would be doubled before being returned. When you see a tweet from Elon Musk, Barack Obama, Joe Biden, Apple or Bill Gates supporting the operation, there is reason to let your guard down.
Twitter acknowledged via tweet the fraudulent use of its administration tool: “We have detected what we believe to be a coordinated social engineering attack by people who have successfully targeted some of our employees with access to systems and internal tools ”. But we still do not know if it is really social engineering, as Twitter says in its post, or if it is one or more distracted, indelicate or dissatisfied employees who are behind the disclosure of identifiers giving access to the administration tool used internally.
This is not the first time that Twitter employees have been suspected. Last year, two employees were charged with using their access to internal social media resources to “help” Saudi Arabia spy on dissidents living abroad. The social network claimed to have immediately locked the affected accounts and removed the tweets posted by the attackers, but the damage is done.