Elon Musk, Bill Gates, and Barack Obama are some of the many influential figures hackers targeted on Twitter in a Bitcoin scam.
The accounts of Kanye West, Joe Biden, and Jeff Bezos were also hacked and used to post requests for cryptocurrency donations.
“Everyone is asking me to give back,
You send me $1,000, and I’ll send you $2,000.” – they tweeted.
Of course, all these tweets were lies.
How did something as big as the Twitter Bitcoin hack happen? Here’s what we know.
An Attack on Twitter’s Employees
Twitter made a statement that the accounts of some of its employees were taken over in a “coordinated attack.”
These employees had access to Twitter’s systems and tools, and the hackers used these to compromise over 100 accounts, including that of Apple.
The US Senate Commerce Committee demanded a briefing from Twitter about the incident.
Senator Roger Wicker wrote to the firm, saying, “It could not be overstated how troubling the incident was, both in its effects and the apparent failure of Twitter’s internal controls to prevent the failure.”
Several law enforcement investigations, including one from the FBI, are under way at the highest levels.
Lawmakers are also demanding more transparency around the entire incident.
The hack may have long-term consequences for the whole cybersecurity industry and for all high-profile social media users.
What Was Twitter’s Response?
The attack netted its creators $120,000. Coinbase prevented 1,100 of its users from sending Bitcoin to the hackers and thus saved many more from the scam.
However, it will still cost Twitter a lot in reputational damage and ensuing legal problems.
In response to the attack, Twitter stated that it had taken “significant steps” to limit access to the same internal tools and systems for the period of the investigation.
Twitter also temporarily blocked people’s ability to post Bitcoin wallet addresses.
CEO Jack Dorsey tweeted that it was a “Tough day for everyone at Twitter”… and that “they all felt terrible this happened.”
He added that “We fell behind” where security was concerned and that the breakdown happened in “both the protections against social engineering for employees and restrictions on internal tools.”
US Senator Josh Hawley wrote to the company asking if the President’s account had been compromised. And a statement from the White House made it clear: the President’s account was not compromised.
After all, that’s what companies always say, so not a big surprise.
Can this ever happen again? Can a hack so aggressive harm you and your company?
How to Prevent Such Attacks on Your Company
Twitter suffered a two-pronged attack that was probably a targeted “spear-phishing” attack based on social engineering. It also exploited user account privileges.
Fortunately for you, such attacks can be prevented easily.
Firstly, all your employees should be trained in the basics of cybersecurity and social engineering-based attacks. This simple precaution cannot be stressed enough.
The incident is also a great example of why we recommend the Principle of Least Privilege (POLP). That means allowing users only as much access as they need to do their jobs.
If companies use POLP, attackers who compromise an employee’s account gain only that employee’s limited access, rather than a path to critical or sensitive data.
Another great way to guard against spear phishing is to get protection for your email.
Combine that with regular employee training, and small and medium enterprises have a much better chance of beating hackers than large enterprises.
Massive enterprises like Twitter have too many employees to train, but most other businesses can do much better than them.
But you won’t have that problem. Why?
At MyItGuy, we stand ready to solve all your IT problems. Try our anti-phishing email protection services to keep scammers far away from your systems.