Twitter says hacking of high-profile Twitter accounts was a "coordinated social engineering attack"
Some of the world's richest and most influential politicians, celebrities, tech moguls and companies were the subject of a massive Twitter hack on Wednesday. Elon Musk, Joe Biden, Jeff Bezos, Michael Bloomberg, Kim Kardashian West and Bill Gates were among the accounts pushing out tweets asking millions of followers to send money to a Bitcoin address.
All of the tweeted messages from the accounts shared similar language. The tweet from Kanye West's account said he is "giving back to my fans"; the message from Bezos' account said he had "decided to give back to my community"; and Musk's account said "feeling greatful."
Bezos, Musk, and Gates are among the 10 richest people in the world, based on Forbes' calculations. According to the Associated Press, the three men have a combined worth of $362 billion.
Twitter said in a statement that the company detected what they believed to be "a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools."
"We're looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it," the company tweeted.
Twitter said that once they became aware of what happened, they "immediately locked down" hacked accounts and removed the tweets sent on their behalf. Twitter also limited functionality for all verified accounts, including those that showed no evidence of being compromised, while they investigated the issue.
"We have locked accounts that were compromised and will restore access to the original account owner only when we are certain we can do so securely," Twitter said. "Internally, we've taken significant steps to limit access to internal systems and tools while our investigation is ongoing."
The company released a new update Thursday night, writing that it believes about 130 accounts were targeted in the attack.
"For a small subset of these accounts, the attackers were able to gain control of the accounts and then send Tweets from those accounts," the company said.
Twitter added that it's continuing to investigate whether non-public data related to the accounts was compromised.
A spokesperson for Bill Gates confirmed a tweet sent from his account was not sent by Gates himself. "This appears to be part of a larger issue that Twitter is facing," the spokesperson said.
Joe Biden's campaign issued a similar statement, saying, "Twitter locked down the account immediately following the breach and removed the related tweet."
Companies, including Apple and Uber, were apparently hacked as well. Following the incident, all of Apple's tweets appeared to have been deleted.
There have been at least 363 transactions since the tweets were posted, according to tracking website blockchain.com. So far, the account has received more than $118,000.
Shortly after the incident, many verified users reported they could no longer tweet, including media companies.
Several National Weather Service accounts were affected amid inclement weather. According to The Weather Channel, they affected accounts for regions in Illinois and Missouri as tornado warnings were being issued.
Verified accounts who attempted to tweet received an error message that read, "To protect our users from spam and other malicious activity, we can't complete this action right now."
Twitter acknowledged that some users' features may have been disabled as it investigated: "You may be unable to Tweet or reset your password while we review and address this incident."
About three hours later, Twitter Support said that "most accounts should we able to tweet again."
"As we continue working on a fix, this functionality may come and go," they tweeted. "We're working to get things back to normal as quickly as possible."
Unverified Twitter users used the massive hack to rise to the center of attention on the social media site.
Many users made fun of the situation, focusing on how verified accounts, or "blue checks," were forced to retweet other accounts in order to post anything on their profiles.
The hack also prompted Senator Josh Hawley of Missouri to write a letter to Dorsey on Wednesday, saying that some of the impacted accounts "alleged to have been protected by Twitter's two factor authentication."
"I am concerned that this event may represent not merely a coordinated set of separate hacking incidents but rather a successful attack on the security of Twitter itself. As you know, millions of your users rely on your service not just to tweet publicly but also to communicate privately through your direct message service," Hawley wrote. "A successful attack on your system's servers represents a threat to all of your users' privacy and data security."
Hawley prompted Dorsey to immediately work with the Department of Justice and FBI on the matter, and urged Dorsey to respond to a list of questions, including if the attack threatened the security of President Trump's account.