Twitter says 130 accounts were targeted in the major cyber-attack on celebrity accounts two days ago.
The attack took place on 15 July, and Twitter also says that only a “small subset” of those 130 accounts actually had control seized by the attackers.
This security breach saw accounts including those of Barack Obama, Elon Musk, Kanye West and Bill Gates tweet a Bitcoin scam to millions of followers.
“We’re working with impacted account-owners and will continue to do so over the next several days,” Twitter said, through its official support account.
“We are continuing to assess whether non-public data related to these accounts was compromised,” it added.
The FBI is also investigating.
It started on 15 July, when a number of Bitcoin-related accounts began tweeting what appeared to be a simple Bitcoin scam, promising to “give back” to the community by doubling any Bitcoin sent to their address.
Then, the apparent scam spread to mainstream celebrity accounts such as Kim Kardashian West and former vice-president Joe Biden, and those of corporations Apple and Uber.
Twitter, in its bid to contain the unprecedented attack, temporarily prevented all verified users from tweeting.
Attackers were able to bypass account security because they had somehow gained access to Twitter’s own internal administration tools. Protections on an individual account guard the user-facing login path; changes made from the back end go around them entirely.
However, US President Donald Trump, one of the most prominent Twitter users, was unaffected.
This may be a result of extra protections put in place after his account was deactivated by an employee on their last day of work in 2017.
Although the scam was obvious to many, the attackers received hundreds of transfers, worth more than $100,000 (£80,000).
Bitcoin transactions are public, but the wallets behind them are hard to tie to a real-world identity, and the three separate crypto-currency wallets that the criminals used have already been emptied.
Earlier in the week, however, researchers at cyber-crime intelligence firm Hudson Rock had spotted an advert on a hacker forum claiming to be able to take over any Twitter account by changing the email address to which it is linked.
The seller also posted a screenshot of the panel usually reserved for high-level Twitter employees. It appeared to allow full control of adding an email to an account or “detaching” existing ones.
This may mean that the attackers had access to the back end of Twitter at least 36-48 hours before the Bitcoin scams began appearing on Wednesday evening.
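The takeover path described above, an internal panel that can detach an account's email and attach a new one, points to the kind of check an operator of such a tool would want: an alert when a single support operator performs email or password changes on many distinct accounts within a short window, and a separate flag for any such change on a verified account. The following is an added example written for this page, not Twitter's own tooling; the line-delimited JSON audit-log format, the operator names and the account handles are all constructed for the illustration.

```python
"""Detection sketch for abuse of an internal account-administration tool.

Assumed (hypothetical) audit-log format: one JSON object per line with the
fields ts (ISO 8601), operator, action, target and verified. Nothing here is
Twitter's real log schema.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one operator touches four verified accounts in
# under 20 minutes; a second operator performs one routine change.
SAMPLE_LOG = """
{"ts": "2020-07-14T17:02:11", "operator": "support_42", "action": "email.detach", "target": "@acct_z", "verified": false}
{"ts": "2020-07-14T20:31:05", "operator": "support_42", "action": "email.detach", "target": "@acct_a", "verified": true}
{"ts": "2020-07-14T20:31:40", "operator": "support_42", "action": "email.attach", "target": "@acct_a", "verified": true}
{"ts": "2020-07-14T20:35:12", "operator": "support_42", "action": "email.detach", "target": "@acct_b", "verified": true}
{"ts": "2020-07-14T20:41:58", "operator": "support_42", "action": "password.reset", "target": "@acct_c", "verified": true}
{"ts": "2020-07-14T20:49:30", "operator": "support_42", "action": "email.detach", "target": "@acct_d", "verified": true}
{"ts": "2020-07-14T20:50:00", "operator": "support_17", "action": "profile.view", "target": "@acct_e", "verified": false}
{"ts": "2020-07-14T20:52:00", "operator": "support_17", "action": "email.attach", "target": "@acct_f", "verified": false}
"""

# Actions that can hand control of an account to whoever performs them.
SENSITIVE_ACTIONS = {"email.detach", "email.attach", "password.reset"}


def parse_log(text):
    """Parse line-delimited JSON into event dicts with a datetime `ts`."""
    events = []
    for line in text.strip().splitlines():
        ev = json.loads(line)
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return events


def burst_operators(events, max_accounts=3, window=timedelta(minutes=30)):
    """Return {operator: accounts} for operators who performed sensitive
    actions on more than `max_accounts` distinct accounts inside any
    sliding window of length `window`."""
    by_op = defaultdict(list)
    for ev in events:
        if ev["action"] in SENSITIVE_ACTIONS:
            by_op[ev["operator"]].append(ev)

    flagged = {}
    for op, evs in by_op.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            # Advance the window start until the span fits inside `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            targets = {e["target"] for e in evs[start:end + 1]}
            if len(targets) > max_accounts:
                flagged.setdefault(op, set()).update(targets)
    return flagged


def verified_account_changes(events):
    """Every sensitive action taken against a verified account; each one
    is rare enough to deserve its own review."""
    return [ev for ev in events
            if ev["action"] in SENSITIVE_ACTIONS and ev["verified"]]


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for op, accounts in burst_operators(evs).items():
        print(f"burst: {op} changed {sorted(accounts)}")
    for ev in verified_account_changes(evs):
        print(f"verified: {ev['operator']} {ev['action']} {ev['target']} at {ev['ts']}")
```

The burst rule deliberately ignores the early, isolated change to @acct_z, since it falls outside the 30-minute window; the thresholds are starting points to be tuned against real support volume, and the verified-account rule is meant to page a human regardless of volume.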
According to The New York Times, the hack began with a user named “Kirk” who bragged to two teenagers that he worked at Twitter and could access even the most high-profile accounts.
One of the teens lived in the US and went by the online name “lol,” and the other, who lived in the UK, used the online name “ever so anxious.”
The UK-based teenager denied working with “Kirk” to take over accounts belonging to Joe Biden, Bill Gates and others. The hackers posted messages on the accounts suggesting followers make thousands in bitcoin “donations.”
The concern is that this hack may not be over: if the attackers copied the private Direct Messages of the accounts they took over, they still possess them.