A few hours ago, many high-profile Twitter profiles were hacked to spread a cryptocurrency scam. Among the affected accounts were those of Microsoft co-founder Bill Gates, SpaceX CEO Elon Musk, and Amazon CEO Jeff Bezos. In the hack, a tweet was posted from each profile claiming that it was giving back or doubling the amount of cryptocurrency sent to the account.
Shortly after, Twitter posted that it was investigating the problem. Now, Twitter Support (@twittersupport) has shared what it knows about the nature of the attack. The thread also describes the actions the site took to mitigate the effects of the hack.
We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools. (Twitter Support (@TwitterSupport), July 16, 2020)
First, the social media giant described last night's attack as a 'social engineering attack' meant to take control of highly visible accounts by targeting some Twitter employees with access to internal systems. As soon as the site learned of this, it removed the malicious tweet and disabled further tweeting from the affected accounts. Interestingly, all verified accounts, affected or not, were unable to tweet. An hour later, Twitter restored this functionality, but it is still limiting access to internal tools as it continues to investigate the hack.
Twitter's statement that its employees were targeted does not directly say that one or more of them were behind the social engineering attack, but it still raises a few eyebrows at such a possibility. There are already reports, citing sources from the SIM swapping community and the selling of vanity usernames, that hint at an inside job. Rest assured, we shall continue to update you as the situation unfolds.