Yesterday, Twitter had to deal with the most massive, high-profile, reputation-damaging, and embarrassing security incident in its history. A large number of verified accounts belonging to celebrities and political figures with millions of followers promoted Bitcoin scams, and the scammers collected hundreds of thousands through numerous transactions.
Now that the first wave has passed and Twitter’s engineers have worked hard to contain the damage, a few new details have surfaced online. It is important to point out that Twitter is still investigating, as are other experts in the field, but here’s what’s new today.
Based on what we know right now, we believe approximately 130 accounts were targeted by the attackers in some way as part of the incident. For a small subset of these accounts, the attackers were able to gain control of the accounts and then send Tweets from those accounts.
— Support (@Support) July 17, 2020
Twitter believes that the attackers compromised 130 accounts, so there are many more than the names we gave you yesterday. People speculated on why Trump’s account isn’t on the list, with some suggesting that the hackers were politically motivated and so targeted only Democrats.
The most likely explanation, though, is that Twitter has numerous safeguards in place for the US President's account, as having it hacked could have far more dire consequences than just a few thousand users losing their Bitcoins to scammers.
Speaking of which, Krebs has launched an investigation to find out who could be behind the recent hack, following BTC wallets, SIM swapping actors, and boasting accounts on “OGusers.” At the same time, the FBI has confirmed that it is investigating the incident, and so has the state of New York. One thing is certain: the stolen Bitcoins will be very, very hard to move around, spin, exchange, use, or withdraw. Intelligence agencies are watching these addresses very closely, but this may just be a decoy for what this attack was really about.
From the first evidence of the investigations, and the screenshots that appeared in various places, it is clear that the actors gained access to the DMs (direct messages) of the hacked accounts, which is far more catastrophic than anything relating to the Bitcoin scam.
Twitter wouldn't have to worry about the possibility that the attacker read, exfiltrated, or altered DMs right now if they had implemented e2e for DMs like EFF has been asking them to for years.
— Eva (@evacide) July 16, 2020
Twitter says there’s no evidence that passwords were accessed, and it is not even suggesting that users reset their passwords. However, the matter of the DMs remains a burning one, and the social media company hasn’t responded to any questions about it. Actors accessing DMs would have implications for many years to come.
These messages weren’t and aren’t being encrypted, and Twitter doesn’t have any plans to add end-to-end encryption, no matter how many people have pleaded for it. It looks like poor account security combined with keeping everything in plaintext form created a calamitous cocktail for the social media platform and its prominent users.