A number of major Twitter accounts belonging to senior U.S. politicians and tech billionaires including U.S. Democratic presidential candidate Joe Biden, former U.S. President Barack Obama and Elon Musk fell victim to a “coordinated social engineering attack,” the social media platform confirmed on Wednesday.
The affected Twitter accounts shared tweets asking for bitcoin donations. Most of the tweets were deleted shortly after they were posted.
In a tweet just before 6 p.m. ET, Twitter Support said it was “aware of a security incident impacting accounts on Twitter,” and was investigating.
In an update just before 11 p.m. ET, Twitter said the platform had detected what it believes to be a “coordinated social engineering attack” by people who successfully targeted some of the company’s employees who had access to internal systems and tools.
“We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf,” the tweet reads.
The platform said once it became aware of the incident, it began removing the tweets from the attackers and locking down the affected accounts.
The platform said it also “limited functionality” of a large group of accounts, including all verified accounts while they continue to investigate the issue.
Many verified Twitter users reported not being able to publish tweets, or reply to posts for approximately 30 minutes.
However, just before 9 p.m. ET, Twitter said “most accounts should be able to tweet again.”
“As we continue working on a fix, this functionality may come and go,” the tweet read. “We’re working to get things back to normal as quickly as possible.”
Twitter said while this was “disruptive,” it was an “important step to reduce the risk.”
According to Twitter, the compromised accounts have been locked, and access will only be granted to their original owners once the platform is certain it can do so in a secure manner.
Twitter said it is now looking into any other “malicious activity” the attackers may have conducted, or any information they may have accessed.
And the platform said it has taken “significant steps” to limit access to internal systems and tools” as the investigation continues.
In a tweet, Twitter CEO Jack Dorsey said it was a “tough day” at Twitter.
“We all feel terrible this happened,” he wrote. “We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.”
While account compromises are not unusual, experts were surprised at the sheer scale and coordination of Wednesday’s incident.
“This appears to be the worst hack of a major social media platform yet,” Dmitri Alperovitch, who co-founded cybersecurity company CrowdStrike told Reuters.
Michael Borohovski, director of software engineering at the security company Synopsys, told Reuters that it is “highly likely” that the attackers were able to hack into the backend or service layer of the Twitter application.
“If the hackers do have access to the backend of Twitter, or direct database access, there is nothing potentially stopping them from pilfering data in addition to using this tweet-scam as a distraction,” he said.
-With files from Reuters