Are you rich and famous? Do greedy young people admire you?
If so, you may not have been able to tweet for about two and a half hours today (July 15) That's because Twitter Inc has temporarily prevented authenticated accounts from posting anything
This security measure comes as dozens of prominent individual and corporate Twitter accounts were hijacked earlier today, luring gullible followers into a bitcoin scam
The hijacked accounts include Bill Gates, Jeff Bezos, Elon Musk, Kanye West, Joe Biden, Floyd Mayweather, Mike Bloomberg, Barack Obama, Warren Buffett, XXXTentacion, Israeli Prime Minister Benjamin Netanyahu, Wiz Khalifa, Apple, and Uber accounts were apparently included
Shortly after 6 pm Eastern time, Twitter temporarily suspended tweets from authenticated accounts (accounts marked with a blue check mark) The authenticated accounts regained tweeting privileges at approximately 8:35 pm Eastern time
"You may not be able to tweet or reset your password while we review and address this incident," Twitter's support account stated
Even Philip Michaels has a Twitter verification checkmark because he is a very important person in California He can send direct messages and retweet other people's tweetsTwitter may have taken the drastic action because the hijacked account continued to spread hours after it was launched, victimizing West's wife, Kim Kardashian West, just after 6 pm Eastern time
Interestingly, the bitcoin address posted in Kardashian's tweet was different from the addresses of most other tweets
"We are giving back to the community," read a message posted earlier on the Apple account 'We support Bitcoin and believe you should too Every bitcoin sent to our address below will be doubled and sent back to you"
The tweet then posted the address of the bitcoin, followed by the words, "Will do so for the next 30 minutes only"
Messages posted to other accounts varied, but all contained the same bitcoin address and, as of this writing, had received almost 13 bitcoins, or about $119,000 in US dollars (23]
"I decided to give back to my community," Bezos' tweet said before it was deleted like the others 'All bitcoins sent to my address below will be doubled I will only do up to $50,000,000"
This is not the first time Elon Musk's name has been used in a bitcoin scam Last month, a security firm discovered that scammers had created custom bitcoin addresses incorporating Musk's name
Cryptocurrency news site CoinDesk reported that the account takeover began when about a dozen cryptocurrency-related accounts all tweeted the same thing For more information: cryptoforhealthcom"
There is no website at that address About an hour later, hijackings of prominent individuals and businesses began with messages similar to those seen above
It is not clear how the scammers were able to break into so many prominent Twitter accounts at once Public figures' accounts are often shared among several staff members who are on the account owner's payroll, but it is unlikely that each was breached individually
As The Verge puts it, these incidents suggest that "someone found a serious security loophole in Twitter's login process or gained access to Twitter employees' administrative privileges"
The latter scenario has been bouncing around in hacker forums earlier today, although Tom's Guide could not confirm any of these claims, and many Twitter users supported the claim
Whatever the manner in which this widespread attack was carried out, the perpetrators appear to have completely compromised Twitter's own security We will provide more details on this situation as they become available
Twitter itself issued a brief statement saying, "We are aware of a security incident affecting Twitter accounts
"We are currently investigating and taking steps to correct the issue" We will update you all shortly"
Tyler Winklevoss, one half of the Winklevoss twins who happened to be involved in the founding of Facebook, made famous by the movie "The Social Network," said that he and his brother's Gemini cryptocurrency exchange Twitter account was hacked and several other cryptocurrency service He tweeted that his account was also hacked
More worryingly, Winklevoss said, "We have 2FA enabled at @Gemini We are currently investigating the root cause Please stay tuned
Two-factor authentication (2FA) is designed to prevent an attacker from obtaining your password and hijacking your account
We usually urge people to set up 2FA on their Twitter accounts to prevent their accounts from being hijacked, but in this case it doesn't seem to make any difference All you can do is take comfort in the fact that you are (probably) not a celebrity
Comments