Twitter says ‘coordinated social engineering attack’ targeted politicians, tech leaders

Click to play video: 'Multiple high-profile Twitter accounts compromised in large-scale hack'
Multiple high-profile Twitter accounts compromised in large-scale hack
WATCH: Multiple high-profile Twitter accounts compromised in large-scale hack – Jul 15, 2020

A number of major Twitter accounts belonging to senior U.S. politicians and tech billionaires including U.S. Democratic presidential candidate Joe Biden, former U.S. President Barack Obama and Elon Musk fell victim to a “coordinated social engineering attack,” the social media platform confirmed on Wednesday.

Billionaire Bill Gates, rapper Kanye West, New York City Mayor Mike Bloomberg, and Silicon Valley giants Apple and Uber were also targeted in the attack.

The affected Twitter accounts shared tweets asking for bitcoin donations. Most of the tweets were deleted shortly after they were posted.

Story continues below advertisement

In a tweet just before 6 p.m. ET, Twitter Support said it was “aware of a security incident impacting accounts on Twitter,” and was investigating.

In an update just before 11 p.m. ET, Twitter said the platform had detected what it believes to be a “coordinated social engineering attack” by people who successfully targeted some of the company’s employees who had access to internal systems and tools.

“We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf,” the tweet reads.

The platform said once it became aware of the incident, it began removing the tweets from the attackers and locking down the affected accounts.

Story continues below advertisement

The platform said it also “limited functionality” of a large group of accounts, including all verified accounts while they continue to investigate the issue.

Many verified Twitter users reported not being able to publish tweets, or reply to posts for approximately 30 minutes.

Click to play video: 'Facebook and Google suspend China’s data requests, TikTok to pull out of Hong Kong'
Facebook and Google suspend China’s data requests, TikTok to pull out of Hong Kong

However, just before 9 p.m. ET, Twitter said “most accounts should be able to tweet again.”

Story continues below advertisement

“As we continue working on a fix, this functionality may come and go,” the tweet read. “We’re working to get things back to normal as quickly as possible.”

Twitter said while this was “disruptive,” it was an “important step to reduce the risk.”

Read more: Twitter CEO’s hacked account sends racist tweets targeting black people and Jews

According to Twitter, the compromised accounts have been locked, and access will only be granted to their original owners once the platform is certain it can do so in a secure manner.

Twitter said it is now looking into any other “malicious activity” the attackers may have conducted, or any information they may have accessed.

Click to play video: 'Trump could sign executive order on social media companies on Thursday: White House'
Trump could sign executive order on social media companies on Thursday: White House

And the platform said it has taken “significant steps” to limit access to internal systems and tools” as the investigation continues.

Story continues below advertisement

In a tweet, Twitter CEO Jack Dorsey said it was a “tough day” at Twitter.

“We all feel terrible this happened,” he wrote. “We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.”

While account compromises are not unusual, experts were surprised at the sheer scale and coordination of Wednesday’s incident.

“This appears to be the worst hack of a major social media platform yet,” Dmitri Alperovitch, who co-founded cybersecurity company CrowdStrike told Reuters.

Read more: Twitter tests new feature prompting Android users to open articles before sharing

Story continues below advertisement

Michael Borohovski, director of software engineering at the security company Synopsys, told Reuters that it is “highly likely” that the attackers were able to hack into the backend or service layer of the Twitter application.

“If the hackers do have access to the backend of Twitter, or direct database access, there is nothing potentially stopping them from pilfering data in addition to using this tweet-scam as a distraction,” he said.

-With files from Reuters

Sponsored content