Hackers broke into the Twitter accounts of world leaders, celebrities and tech moguls on Wednesday in one of the most high-profile security breaches in recent years, highlighting a major flaw with the service millions of people have come to rely on as an essential communications tool.
The intent of the hack appeared to be to steal money from unsuspecting cryptocurrency enthusiasts — in particular, by using the compromised high-follower accounts to scam people out of Bitcoin. But it also raises questions about Twitter’s ability to secure its service against election interference and misinformation ahead of the U.S. presidential election.
Here are some questions and answers about the breach:
WHAT HAPPENED — AND HOW?
On Wednesday afternoon, the Twitter accounts of famous figures began tweeting similar messages saying they were “feeling generous” and would double any Bitcoin payments sent to an address in the tweet. Among the individual accounts affected were former President Barack Obama, Democratic presidential candidate Joe Biden, tech billionaires like Amazon CEO Jeff Bezos, Microsoft co-founder Bill Gates and Tesla CEO Elon Musk and celebrities.
Companies like Apple and Uber, which respectively have 4.6 million and one million followers, were also affected.
Twitter soon locked down many accounts, including those of its “verified” users with blue check marks next to their names — a group that include many U.S. politicians as well as businesses, celebrities, journalists and news organizations. Twitter called the hack a “coordinated social engineering attack” by unknown people who “targeted” Twitter employees with access to the platform’s internal systems and tools.
The hackers, Twitter said, used this access to take control of many high-profile accounts and masquerade as their owners.
WHAT IS SOCIAL ENGINEERING?
Essentially, social engineering means taking advantage of human nature. Examples include phishing attacks and other ways people can be tricked into giving out compromising information, malware attacks that get people to download malicious software, and compromising people by offering something in return for information. Twitter did not say how its employees were compromised.
COULD THE ATTACK HAVE BEEN PREVENTED?
Twitter said late Wednesday it has taken “significant steps” to limit employees’ access to internal systems and tools while its investigation is ongoing. But this is not the first time Twitter employees have wrecked havoc.
In 2017, a disgruntled employee deactivated President Donald Trump’s account for a few minutes. Last year, U.S. prosecutors charged two former Twitter employees with spying on user data for the government of Saudi Arabia. The incidents raise questions about Twitter’s internal security systems, and whether the company can trust employees with access to sensitive information.