Musk, Gates, Biden, Apple Among Accounts Taken Over
Increase to favorites
Breach scale indicates Twitter admin takeover
Twitter’s security has been compromised this night, with the breach utilized to take more than Elon Musk’s, Jeff Bezos’ and Monthly bill Gates’ and other’s popular Twitter accounts in a Bitcoin rip-off that has their followers directed to deposit Bitcoin in a selected wallet with the bogus assure that contributions will be doubled.
Twitter has verified a security incident, declaring “You may be unable to Tweet or reset your password when we critique and address this incident”.
We are aware of a security incident impacting accounts on Twitter. We are investigating and taking measures to correct it. We will update everybody shortly.
— Twitter Help (@TwitterSupport) July fifteen, 2020
The incident, which for when does actually are entitled to the adjective “unprecedented” has also found the accounts of Apple, Uber and Kanye West taken more than. Presidential prospect Joe Biden’s account is among those people who have also Tweeted the rip-off. Quite a few surface to have been able to fast take out the Tweets. The predicament is establishing.
Yikes, strongest hypothesis is that the attackers have owned Twitter’s personnel admin panel which lets Twitter staff capacity to adjust pw/disable MFA to allow an attacker to take more than a popular account and tweet on their behalf devoid of working with their password or MFA.
— Rachel Tobac (@RachelTobac) July fifteen, 2020
Twitter Hacked: Admin Accessibility Seems Likely
The scale of the incident indicates an attacker both obtained entry to a Twitter employee’s administrative privileges or found a sweeping vulnerability in the social platform’s login protocols. Presented that many of the accounts are probably, supplied their large profile, to have enabled two-component authentication, it appears to be plausible that someone senior at Twitter has been compromised and their privileges abused.
Take note the electronic mail addresses adjust. Twitter has no explanation to give staff native entry to impersonate customers.
Accounts are currently being stolen, auth token generated, and tweeted from. Take note how respectable customers still have tokens to delete tweets. Not a clear strike.https://t.co/grlhbkhVhR— Swift⬡nSecurity (@SwiftOnSecurity) July fifteen, 2020
Security agency RiskIQ suggests it has discovered infrastructure tied to the cryptocurrency scammers. The unverified checklist is on Pastebin listed here.
RiskIQ researchers just doubled the quantity of IoCs in the Pastebin. Remember to carry on to keep track of it for updates as this predicament evolves https://t.co/D99QOpfbFc #twitterhack #twitterhacks #ThreatIntel #IOCs https://t.co/HZkJmDjRmM
— RiskIQ (@RiskIQ) July fifteen, 2020
