Pixel Envy

Written by Nick Heer.

Today’s Breach of High-Profile Twitter Accounts Was Enabled by an Employee

Natalie Gagliordi, ZDNet:

A number of high profile Twitter accounts, including Bill Gates, Elon Musk and Apple, were breached on Wednesday.

The verified accounts for Gates, Musk and Apple issued tweets promoting a cryptocurrency scam, asking followers to send money to a blockchain address in exchange for a larger pay back.

The official account for former vice president and US presidential candidate Joe Biden was also hacked. Hackers also breached the official account of former president Barack Obama.

These account breaches were an extraordinary thing to watch unfold today, as they moved from cryptocurrency-focused accounts to mainstream celebrities. Eventually, it became sort of a guessing game about which account would be next. All told, the blockchain address in question received less than $120,000 USD at current exchange rates.

So how did they do it? How did they manage to hijack dozens of high-profile accounts, many of which were apparently protected by two-factor authentication, and post tweets to commit this fraud?

Joseph Cox, Vice:

“We used a rep that literally done all the work for us,” one of the sources told Motherboard. The second source added they paid the Twitter insider. Motherboard granted the sources anonymity to speak candidly about a security incident.

The accounts were taken over using an internal tool at Twitter, according to the sources, as well as screenshots of the tool obtained by Motherboard. One of the screenshots shows the panel and the account of Binance; Binance is one of the accounts that hackers took over today. According to screenshots seen by Motherboard, at least some of the accounts appear to have been compromised by changing the email address associated with them using the tool.

This thing didn’t need to be perfect in order for it to work, and bribing employees to change email addresses is a simple enough way to do it. People are, after all, often the greatest security vulnerability in an organization.