The social network is dealing with a massive security flaw that’s allowed scammers to take over accounts belonging to prominent users.
Twitter is removing images from the social network that could point to how hackers executed a major hacking spree on the platform. On Wednesday, hackers took over the Twitter accounts of prominent users, including Barack Obama, Bill Gates, Elon Musk, Kanye West and Jeff Bezos, in order to promote a Bitcoin scam.
While Twitter hacks are nothing new — the social network experiences frequent account takeovers — the repeated and singular theme of Wednesday’s account takeovers suggests an effort beyond the SIM jacking attack that ensnared Twitter CEO Jack Dorsey last August.
“Given that numerous high-profile Twitter accounts were compromised as part of this attack — accounts that would presumably be protected by multifactor authentication and strong passwords — it is highly likely that the attackers were able to hack into the back end or service layer of the Twitter application,” said Michael Borohovski, director of software engineering at the cybersecurity company Synopsys.
Twitter said that the attack came from hackers compromising one of its employees’ accounts.
“We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools,” Twitter said in a statement on Wednesday.
The company said it’s investigating what other access the attackers had after getting their hands on Twitter’s internal tools.
(For tips on how to secure your Twitter account, see this CNET story.)
On Wednesday, posters on a hacking forum used for selling highly desired Twitter handles displayed screenshots of Twitter’s administrative panel, which showed internal details such as the email addresses registered to accounts, when each account was last accessed and which phone numbers were tied to it. The panel also displayed the number of strikes logged against each account.