Original Release Date: 7/17/2020
Several high-profile Twitter accounts were hacked in an effort to steal bitcoin in what Twitter described as a “coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.” The hacked Twitter accounts – including those belonging to Jeff Bezos, Elon Musk, Kim Kardashian West, Kanye West, and others – sent tweets asking followers to send money to a bitcoin address and claimed that any money sent would be doubled and sent back to the individual. Once Twitter became aware of the hacks, they locked down the affected accounts and removed the tweets. Access will be given back to account owners when it can be done securely. Additionally, access to Twitter’s internal systems and tools is limited until an investigation into the hacks is completed. Based on information from open source websites that track bitcoin transactions, the bitcoin address provided in the unauthorized tweets received more than $118,000.
The NJCCIC recommends providing cybersecurity awareness training to staff on a regular basis to educate users on current cyber threats and ways to reduce risk. Additionally, we remind users to refrain from sending money in response to “too good to be true” offers, particularly those that are sent via email and social media platforms. While many of the details of this incident are still unknown, to help protect against account compromise via credential theft, the NJCCIC highly encourages users to enable two/multi-factor authentication on all accounts that offer it, including Twitter. More information can be found in the CBS News article.