Security incident on Twitter affects several profiles

Posted date 17/07/2020

Twitter has published a thread on its official user support channel in which it has made public a cyber security incident that has affected some accounts on the platform, many of them company officials and world-renowned personalities.

Through a social engineering attack, coordinated and targeted at some of their employees with access to internal systems and tools, the attackers were able to take control of these accounts to tweet scam messages on their behalf. They invited users to make deposits into a bitcoin portfolio under the guise of rewarding the user with twice the amount invested.

At this time, from Twitter continue working to prevent this situation is repeated again and investigating whether the incident could have a greater scope.

[Update 03/08/2020] As reported by the United States District Court for Northern California, three people were charged for their alleged involvement in the cyber attack directed at Twitter that took place on July 15, 2020, one of them being a minor. The alleged attackers allegedly created a fraudulent bitcoin account, posted fraudulent messages to VIP Twitter accounts, sent requests from VIP Twitter accounts with the false promise of duplicating bitcoin deposits made to the scam account, and then stole the bitcoin that the victims deposited in the scam account. The account used for the scam received more than 400 transfers worth more than $ 100,000.

[Update 18/03/2021] Cybercriminal, Graham Ivan Clark, 18 years old, a suspect in the security incidents against Twitter, has pleaded guilty to charges of organised fraud, communications fraud, fraudulent use of personal information and unauthorised computer access. He faces up to three years in prison and three years on probation.