2020 Twitter account hijacking

(Redirected from 2020 Twitter Bitcoin scam)

On July 15, 2020, between 20:00 and 22:00 UTC, 130 high-profile Twitter accounts were reportedly compromised by outside parties to promote a bitcoin scam.[1][2] Twitter and other media sources confirmed that the perpetrators had gained access to Twitter's administrative tools so that they could alter the accounts themselves and post the tweets directly. They appeared to have used social engineering to gain access to the tools via Twitter employees.[3][4][5] Three individuals were arrested by authorities on July 31, 2020, and charged with wire fraud, money laundering, identity theft, and unauthorized computer access related to the scam.[6]

2020 Twitter accounts hijacking
A tweet from Apple, which reads, "We are giving back to our community. We support Bitcoin and believe you should too! All Bitcoin sent to our addresses will be sent back to you, doubled!" After a bitcoin address, it reads "Only going on for the next 30 minutes."
A representative scam tweet, from Apple's hacked account
DateJuly 15, 2020, 20:00–22:00 UTC
CauseCoordinated social engineering attack
TargetHigh-profile verified Twitter accounts
OutcomeAt least 130 accounts affected. The bitcoin addresses involved received about US$110,000 in bitcoin transactions.
Arrests3, as of July 31, 2020

The scam tweets asked individuals to send bitcoin currency to a specific cryptocurrency wallet, promising the Twitter user that money sent would be doubled and returned as a charitable gesture.[7] Within minutes from the initial tweets, more than 320 transactions had already taken place on one of the wallet addresses, and bitcoins to a value of more than US$110,000 had been deposited in one account before the scam messages were removed by Twitter.[1][8] In addition, full message history data from eight non-verified accounts were also acquired.[9]

Dmitri Alperovitch, the co-founder of cybersecurity company CrowdStrike, described the incident as "the worst hack of a major social media platform yet."[2][10] Security researchers expressed concerns that the social engineering used to execute the hack could affect the use of social media in important online discussions, including the lead-up into the 2020 United States presidential election.[11][12] On July 31, 2020, the U.S. Department of Justice announced charges against three individuals in connection with the incident.[13]

Incident

edit

Forensic analysis of the scam showed that the initial scam messages were first posted by accounts with short, one- or two-character distinctive names, such as "@6".[14] This was followed by cryptocurrency Twitter accounts at around 20:00 UTC on July 15, 2020, including those of Coinbase, CoinDesk and Binance.[15][12] The scam then moved to more high-profile accounts with the first such tweet sent from Elon Musk's Twitter account at 20:17 UTC.[16] Other supposedly compromised accounts included those of well-known individuals such as Barack Obama, Joe Biden, Bill Gates, Jeff Bezos, MrBeast, Michael Bloomberg,[8] Warren Buffett,[17] Floyd Mayweather Jr.,[12] Kim Kardashian, and Kanye West;[18][2] and companies such as Apple, Uber, and Cash App.[19] Twitter believed 130 accounts were affected, though only 45 were actually used to tweet the scam message;[9][20] most of the accounts that were accessed in the scam had at least a million followers.[2]

The tweets involved in the scam hack claimed that the sender, in charity, would repay any user double the value of any bitcoin they sent to given wallets, often as part of a COVID-19 relief effort. The tweets followed the sharing of malicious links by a number of cryptocurrency companies; the website hosting the links was taken down shortly after the tweets were posted.[7] While such "double your bitcoin" scams have been common on Twitter before, this was the first major instance of them being sent from breached high-profile accounts.[2] Security experts believe that the perpetrators ran the scam as a "smash and grab" operation: Knowing that the intrusion into the accounts would be closed quickly, the perpetrators likely planned that only a small fraction of the millions that follow these accounts needed to fall for the scam in that short time to make quick money from it.[2] Multiple bitcoin wallets had been listed at these websites; the first one observed had received 12 bitcoins from over 320 transactions, valued at more than US$118,000, and had about US$61,000 removed from it, while a second had amounts only in the thousands of dollars as Twitter took steps to halt the postings.[1][8][21] It is unclear if these had been funds added by those led on by the scam,[21][22] as bitcoin scammers are known to add funds to wallets prior to starting schemes to make the scam seem legitimate.[2] Of the funds added, most had originated from wallets with Chinese ownerships, but about 25% came from United States wallets.[14] After it was added, the cryptocurrency was then subsequently transferred through multiple accounts as a means to obscure their identity.[14]

Some of the compromised accounts posted scam messages repeatedly, even after having some of the messages deleted.[23] The tweets were labelled as having been sent using the Twitter Web app.[24] One of the phrases involved in the scam was tweeted more than 3,000 times in the space of four hours, with tweets being sent from IP addresses linked to many different countries.[25] The reused phrasing allowed Twitter to remove the offending tweets easily as they took steps to stop the scam.[12]

By 21:45 UTC, Twitter released a statement saying they were "aware of a security incident impacting accounts on Twitter" and that they were "taking steps to fix it".[26] Shortly afterwards, it disabled the ability for some accounts to tweet, or to reset their password;[27] Twitter had not confirmed which accounts were restricted, but many users with accounts Twitter had marked as "verified" confirmed that they were unable to tweet.[28] Approximately three hours after the first scam tweets, Twitter reported they believed they had resolved all of the affected accounts to restore credentials to their rightful owners.[29] Later that night, Twitter CEO Jack Dorsey said it was a "tough day for us at Twitter. We all feel terrible this happened. We're diagnosing and will share everything we can when we have a more complete understanding of exactly what happened."[12] At least one cryptocurrency exchange, Coinbase, blacklisted the bitcoin addresses to prevent money from being sent. Coinbase said they stopped over 1,000 transactions totaling over US$280,000 from being sent.[30]

In addition to sending out tweets, the account data for eight compromised accounts was downloaded, including all created posts and direct messages, though none of these accounts belonged to verified users.[9][31] Twitter also suspected that thirty-six other accounts had their direct messages accessed but not downloaded including Dutch Parliament Representative Geert Wilders, but believed no other current or former elected official had their messages accessed.[32][33]

Method of attack

edit

Bloomberg News, after investigation with former and current Twitter employees, reported that as many as 1500 Twitter employees and partners had access to the admin tools that would allow for the ability to reset accounts, as had been done during the incident. Former Twitter employees had told Bloomberg that even as late as 2017 and 2018, those with access would make a game of using these tools to track famous celebrities, though the amount of data visible through the tools alone was limited to elements like IP address and geolocation information. A Twitter spokesperson told Bloomberg that they do use "extensive security training and managerial oversight" to manage employees and partners with access to the tools, and that there was "no indication that the partners we work with on customer service and account management played a part here".[34] Former members of Twitter's security departments stated that since 2015, the company was alerted to the potential of an inside attack and other cybersecurity measures, but these were put aside in favor of more revenue-generating initiatives.[34]

As Twitter was working to resolve the situation on July 15, Vice was contacted by at least four individuals claiming to be part of the scam and presented the website with screenshots showing that they had been able to gain access to a Twitter administrative tool, also known as an "agent tool",[35] that allowed them to change various account-level settings of some of the compromised accounts, including confirmation emails for the account. This allowed them to set email addresses which any other user, with access to that email account, could initiate a password reset and post the tweets.[14] These hackers told Vice that they had paid insiders at Twitter to get access to the administrative tool to be able to pull this off.[3]

Ars Technica obtained a more detailed report from a researcher who worked with FBI on the investigation. According to this report, attackers scraped LinkedIn in search of Twitter employees likely to have administrator privileges account-holder tools. Then attackers obtained these employees' cell phone numbers and other private contact information via paid tools LinkedIn makes available to job recruiters. After choosing victims for the next stage, attackers contacted Twitter employees, most who were remote working due to the COVID-19 pandemic, and, using the information from LinkedIn and other public sources, pretended to be Twitter personnel. Attackers directed victims to log into a fake internal Twitter VPN. To bypass two-factor authentication, attackers entered stolen credentials into the real Twitter VPN portal, and "within seconds of the employees entering their info into the fake one", asked victims for the two-factor authentication code.[36]

TechCrunch reported similarly, based on a source that stated some of the messages were from a member of the hacking forum OGUsers, who had claimed to have made over US$100,000 from it.[4] According to TechCrunch's source, this member "Kirk" had reportedly gained access to the Twitter administrative tool likely through a compromised employee account, and after initially offering to take over any account on request, switched strategies to target cryptocurrency accounts, starting with Binance and then higher-profile ones. The source did not believe Kirk had paid a Twitter employee for access.[4]

The "@6" Twitter had belonged to Adrian Lamo, and the user maintaining the account on behalf of Lamo's family reported that the group that performed the hack were able to bypass numerous security factors they had set up on the account, including two-factor authentication, further indicating that the administrative tools had been used to bypass the account security.[14][37] Spokespersons for the White House stated that President Donald Trump's account, which may have been a target, had extra security measures implemented at Twitter after an incident in 2017, and therefore was not affected by the scam.[14]

Vice's and TechCrunch's sources were corroborated by The New York Times, who spoke to similar persons involved with the events, and from other security researchers who had been given similar screens, and tweets of these screens had been made, but Twitter removed these since they revealed personal details of the compromised accounts.[5] The New York Times further affirmed that the vector of the attack was related to most of the company's remote working during the COVID-19 pandemic. The OGUsers members were able to gain access to the Twitter employees' Slack communications channel where information and authorization processes on accessing the company's servers while remote working had been pinned.[5]

Twitter subsequently confirmed that the scam involved social engineering,[38] stating "We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools."[3][39] In addition to taking further steps to lock down the verified accounts affected, Twitter said they have also begun an internal investigation and have limited employee access to their system administrative tools as they evaluate the situation, as well as if any additional data was compromised by the malicious users.[29][40]

By the end of July 17, 2020, Twitter affirmed what had been learned from these media sources, stating that "The attackers successfully manipulated a small number of employees and used their credentials to access Twitter's internal systems, including getting through our two-factor protections. As of now, we know that they accessed tools only available to our internal support teams."[35] Twitter had been able to further confirm by July 30 that the method used was what they called a "phone spear phishing attack": they initially used social engineering to breach the credentials of lower-level Twitter employees who did not have access to the admin tools, and then using those employee accounts, engaged in additional social engineering attacks to get the credentials to the admin tools from employees who did have authorization for their use.[41]

Perpetrators

edit

The FBI announced on July 16 it was launching an investigation into the scam, as it was used to "perpetuate cryptocurrency fraud", a criminal offense.[42] The Senate Select Committee on Intelligence also planned to ask Twitter for additional information on the hack, as the committee's vice-chair Mark Warner stated "The ability of bad actors to take over prominent accounts, even fleetingly, signals a worrisome vulnerability in this media environment, exploitable not just for scams but for more impactful efforts to cause confusion, havoc and political mischief".[14] The UK's National Cyber Security Centre said its officers had reached out to Twitter regarding the incident.[43]

Security researcher Brian Krebs corroborated with TechCrunch's source and with information obtained by Reuters, that the scam appeared to have originated in the "OGUsers" group.[44][45][4][46] The OGUsers forum ("OG" standing for "original gangsters") was established for selling and buying social media accounts with short or "rare" names, and according to its owner, speaking to Reuters, the practice of trafficking in hacked credentials was prohibited.[46] Screenshots from the forum, show various users on the forum offering to hack into Twitter accounts at US$2,000−3,000 each. Krebs stated one of the members might have been tied to the August 2019 takeover of Twitter CEO Jack Dorsey's Twitter account.[44] The OGUsers owner told Reuters that the accounts shown in the screenshots were since banned.[46]

The United States Department of Justice announced the arrest and charges of three individuals tied to the scam on July 31, 2020. A 19-year-old from the United Kingdom was charged with multiple counts of conspiracy to commit wire fraud, conspiracy to commit money laundering and the intentional access of a protected computer, and a 22-year-old from Florida was charged with aiding and abetting the international access. Both will be tried in the United States District Court for the Northern District of California.

A third individual, Graham Ivan Clark, 17 years old, of Hillsborough County, Florida, was also indicted; the charges were originally sealed in juvenile court, but he was eventually charged as an adult on 30 felony counts.[13] The charges included organized fraud, communications fraud, identity theft, and hacking. Florida state law allows for trying minors as adults in financial fraud cases.[6][47][48] Clark pleaded not guilty to the charges on August 4, 2020.[48] He accepted a plea bargain in March 2021 and was sentenced to 3 years in prison followed by 3 years of probation; he was sentenced under Florida's Youthful Offender Act, which limits the penalties on convicted felons under the age of 21.[49] According to the Tampa Bay Times, he would be able to "to serve some of his time in a military-style boot camp".[50][51][36]

A fourth individual, a 16-year-old from Massachusetts, had been identified as a possible suspect in the scam by the FBI. Though federal agents had conducted a warranted search of his possessions in late August 2020, no indictments have been made yet.[52]

In April 2023, 23-year-old Joseph James O'Connor, a British citizen with the online handle PlugwalkJoe, was extradited from Spain to New York to face charges after being arrested in July 2020, and reported to have hacked over 100 Twitter accounts including the accounts of Apple, Uber, Kanye West, Bill Gates, Joe Biden, Barack Obama, and Elon Musk. O'Connor is also accused of extorting close to $800,000 in cryptocurrency. O'Connor entered a guilty plea,[53][54] and on June 23 was sentenced to five years in federal prison in addition for forfeiting at least $794,000 to the victims of the hijacking.[55]

Reaction and aftermath

edit

In the immediate aftermath, affected users could only retweet content, leading NBC News to set up a temporary non-verified account so that they could continue to tweet, retweeting "significant updates" on their main account.[56] Some National Weather Service forecast offices were unable to tweet severe weather warnings, with the National Weather Service in Lincoln, Illinois initially unable to tweet a tornado warning.[57] Joe Biden's campaign stated to CNN that they were "in touch with Twitter on the matter", and that his account had been "locked down".[1] Google temporarily disabled its Twitter carousel in its search feature as a result of these security issues.[58]

During the incident, Twitter, Inc.'s stock price fell by 4% after the markets closed.[59] By the end of the next day, Twitter, Inc.'s stock price ended at $36.40, down 38 cents, or 0.87%.[60]

Security experts expressed concern that while the scam may have been relatively small in terms of financial impact, the ability for social media to be taken over through social engineering involving employees of these companies poses a major threat in the use of social media particularly in the lead-up to the 2020 United States presidential election, and could potentially cause an international incident.[11] Alex Stamos of Stanford University's Center for International Security and Cooperation said, "Twitter has become the most important platform when it comes to discussion among political elites, and it has real vulnerabilities."[12]

Twitter chose to delay the rolling out of its new API in the aftermath of the security issues.[61] By September, Twitter stated they had put new protocols in place to prevent similar social engineering attacks, including heightening background checks for employees that would have access to the key user data, implementing day-to-day phishing-resistant security keys, and having all employees involved in customer support participate in training to be aware of future social engineering scams.[62]

Though not part of the Twitter incident, Steve Wozniak and seventeen others initiated a lawsuit against Google the following week, asserting that the company did not take sufficient steps to remove similar Bitcoin scam videos posted to YouTube that used his and the other plaintiffs' names, fraudulently claiming to back the scam. Wozniak's complaint identified that Twitter was able to act within the same day, while he and the other plaintiffs' requests to Google had never been acted upon.[63]

On September 29, 2020, Twitter hired Rinki Sethi as CISO and VP of the company after the breach.[64]

On November 20, 2020, Hulu aired the 5th episode of "The New York Times Presents" series entitled "The Teenager Who Hacked Twitter," which details the events of this incident.[65]

References

edit
  1. ^ a b c d Iyengar, Rishi (July 15, 2020). "Twitter accounts of Joe Biden, Barack Obama, Elon Musk, Bill Gates, and others apparently hacked". CNN Business. Archived from the original on July 16, 2020. Retrieved July 15, 2020.
  2. ^ a b c d e f g "Musk and Gates 'hacked' in apparent Bitcoin scam". BBC News. July 15, 2020. Archived from the original on July 15, 2020. Retrieved July 15, 2020.
  3. ^ a b c Cox, Joseph (July 15, 2020). "Hackers Convinced Twitter Employee to Help Them Hijack Accounts". Vice. Archived from the original on July 15, 2020. Retrieved July 15, 2020.
  4. ^ a b c d Whittaker, Zack (July 15, 2020). "A hacker used Twitter's own 'admin' tool to spread cryptocurrency scam". TechCrunch. Archived from the original on July 16, 2020. Retrieved July 15, 2020.
  5. ^ a b c Popper, Nathaniel; Conger, Kate (July 17, 2020). "Hackers Tell the Story of the Twitter Attack From the Inside". The New York Times. Archived from the original on July 17, 2020. Retrieved July 17, 2020.
  6. ^ a b Hollister, Sean (July 31, 2020). "Three people just got charged for Twitter's huge hack, and a Florida teen is in jail". The Verge. Archived from the original on December 13, 2021. Retrieved July 31, 2020.
  7. ^ a b Sheth, Sonam (July 15, 2020). "Former President Barack Obama's Twitter account appears to have been hacked as part of a cryptocurrency scam". Business Insider. Archived from the original on July 16, 2020. Retrieved July 15, 2020.
  8. ^ a b c Leswing, Kif (July 15, 2020). "Hackers appear to target Twitter accounts of Elon Musk, Bill Gates, others in digital currency scam". CNBC. Archived from the original on July 15, 2020. Retrieved July 15, 2020.
  9. ^ a b c Hollister, Sean (July 17, 2020). "Read Twitter's update on the huge hack — 8 accounts may have had private messages stolen". The Verge. Archived from the original on July 18, 2020. Retrieved July 17, 2020.
  10. ^ "Twitter accounts of Elon Musk, Barack Obama, Bill Gates and more hacked in bitcoin scam". SBS World News. July 15, 2020. Archived from the original on July 16, 2020. Retrieved July 16, 2020.
  11. ^ a b Guynn, Jessica (July 16, 2020). "'Tweet-tastrophe'? It could have been. Twitter hack reveals national security threat ahead of election". USA Today. Archived from the original on July 16, 2020. Retrieved July 16, 2020.
  12. ^ a b c d e f Frenkel, Sheera; Popper, Nathaniel; Conger, Kate; Sanger, David E. (July 15, 2020). "A Brazen Online Attack Targets V.I.P. Twitter Users in a Bitcoin Scam". The New York Times. Archived from the original on July 16, 2020. Retrieved July 16, 2020.
  13. ^ a b "Three Individuals Charged For Alleged Roles In Twitter Hack". United States Department of Justice. July 31, 2020. Archived from the original on July 31, 2020. Retrieved July 31, 2020.
  14. ^ a b c d e f g Isaac, Mike; Frenkel, Sheera; Conger, Kate (July 16, 2020). "Twitter Struggles to Unpack a Hack Within Its Walls". The New York Times. Archived from the original on July 16, 2020. Retrieved July 16, 2020.
  15. ^ Whittaker, Zack; Hatmaker, Taylor; Perez, Sarah (July 15, 2020). "High-profile Twitter accounts simultaneously hacked to spread crypto scam". TechCrunch. Archived from the original on July 15, 2020. Retrieved July 19, 2020.
  16. ^ Statt, Nick (July 15, 2020). "Barack Obama, Joe Biden, Elon Musk, Apple, and others hacked in unprecedented Twitter attack". The Verge. Archived from the original on July 16, 2020. Retrieved July 15, 2020.
  17. ^ Holmes, Aaron; Leskin, Paige (July 15, 2020). "Hackers took over dozens of high-profile Twitter accounts including those of Barack Obama, Joe Biden, Elon Musk, Kim Kardashian, and Apple and used them to post bitcoin scam links". Business Insider. Archived from the original on July 15, 2020. Retrieved July 15, 2020.
  18. ^ Woodward, Alex (July 15, 2020). "Elon Musk, Apple, Bill Gates, Kanye West and more hacked by cryptocurrency scam". The Independent. Archived from the original on July 16, 2020. Retrieved July 15, 2020.
  19. ^ Ingram, David; Collier, Kevin (July 15, 2020). "Biden, Gates, Musk: Bitcoin scam breaches some of world's most prominent Twitter accounts". NBC News. Archived from the original on July 15, 2020. Retrieved July 15, 2020.
  20. ^ Lawler, Richard (July 16, 2020). "Twitter says attackers targeted 130 accounts in Wednesday's breach". Engadget. Archived from the original on January 8, 2022. Retrieved July 16, 2020.
  21. ^ a b Mac, Ryan; Lytvynenko, Jane (July 15, 2020). "Joe Biden, Elon Musk, And Barack Obama's Twitter Accounts Were Hacked In A Bitcoin Scam". BuzzFeed News. Archived from the original on July 15, 2020. Retrieved July 15, 2020.
  22. ^ Roberts, Jeff John (July 15, 2020). "Scammer behind massive Twitter hack has made only $109,000—so far". Fortune. Archived from the original on July 16, 2020. Retrieved July 18, 2020.
  23. ^ Price, Rob (July 15, 2020). "Some of the world's biggest Twitter accounts are hacked. Here's what we do and don't know about what's going on right now". Business Insider. Archived from the original on July 16, 2020. Retrieved July 15, 2020.
  24. ^ Frier, Sarah; Tong, Sebastian (July 15, 2020). "Twitter Hack Snags Obama, Biden, Gates Accounts in Bitcoin Scam". Bloomberg. Archived from the original on July 16, 2020. Retrieved July 15, 2020.
  25. ^ "Twitter accounts of Biden, Obama and other prominent figures hacked". The Irish Times. July 15, 2020. Archived from the original on May 14, 2021. Retrieved July 15, 2020.
  26. ^ Twitter Support [@TwitterSupport] (July 15, 2020). "We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly" (Tweet) – via Twitter.
  27. ^ Gartenberg, Chaim (July 15, 2020). "Twitter has shut off the ability for some people to tweet after massive hack". The Verge. Archived from the original on July 16, 2020. Retrieved July 15, 2020.
  28. ^ Couts, Andrew (July 15, 2020). "Twitter Finally Blocks the Worst of Us from Tweeting". Gizmodo. Archived from the original on July 16, 2020. Retrieved July 15, 2020.; Sanders, Chris; Driver, Anna (July 15, 2020). "Twitter silences some verified accounts after wave of hacks". Yahoo News. Reuters. Archived from the original on July 16, 2020. Retrieved July 15, 2020.; Gartenberg, Chaim (July 15, 2020). "Twitter has shut off the ability for some people to tweet after massive hack". The Verge. Archived from the original on July 16, 2020. Retrieved July 15, 2020.
  29. ^ a b Iyengar, Rishi (July 15, 2020). "Twitter blames 'coordinated' attack on its systems for hack of Joe Biden, Barack Obama, Bill Gates and others". CNN. Archived from the original on July 16, 2020. Retrieved July 16, 2020.
  30. ^ Kelly, Makena (July 20, 2020). "Coinbase says it halted more than $280,000 in bitcoin transactions during Twitter hack". The Verge. Archived from the original on July 21, 2020. Retrieved July 20, 2020.
  31. ^ Twitter Support [@TwitterSupport] (July 18, 2020). "Attackers took the additional step of downloading the account's information" (Tweet) – via Twitter.
  32. ^ Bell, Karissa (July 22, 2020). "Twitter confirms one elected official had DMs accessed in hack". Engadget. Archived from the original on July 23, 2020. Retrieved July 22, 2020.
  33. ^ Sterling, Toby (July 23, 2020). "Dutch lawmaker Wilders says Twitter hack could expose dissidents". Reuters. Archived from the original on July 23, 2020. Retrieved July 23, 2020.
  34. ^ a b Robertson, Jordan; Mehrotra, Kartikay; Wagner, Kurt (July 27, 2020). "Twitter's Security Woes Included Broad Access to User Accounts". Bloomberg News. Archived from the original on July 28, 2020. Retrieved July 27, 2020.
  35. ^ a b O'Sullivan, Donie; Fung, Brian; Perez, Evan (July 18, 2020). "Twitter says some accounts had personal data stolen in massive hack". CNN. Archived from the original on August 15, 2021. Retrieved July 18, 2020.
  36. ^ a b Goodin, Dan (March 17, 2021). "I was a teenage Twitter hacker. Graham Ivan Clark gets 3-year sentence". Ars Technica. Archived from the original on February 25, 2023. Retrieved March 17, 2021.
  37. ^ Lucky225 (July 16, 2020). "The Twitter Hack — What exactly happened?". Medium. Archived from the original on July 16, 2020. Retrieved July 16, 2020.{{cite web}}: CS1 maint: numeric names: authors list (link)
  38. ^ Wang, Jules (July 16, 2020). "Massive Twitter breach made possible by social engineering". Android Police. Archived from the original on July 17, 2020. Retrieved July 17, 2020.
  39. ^ Twitter Support [@TwitterSupport] (July 16, 2020). "We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools" (Tweet) – via Twitter.
  40. ^ Twitter Support [@TwitterSupport] (July 16, 2020). "Internally, we've taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues" (Tweet) – via Twitter.
  41. ^ Goodin, Dan (July 30, 2020). "Twitter hackers used "phone spear phishing" in mass account takeover". Ars Technica. Archived from the original on July 31, 2020. Retrieved July 31, 2020.
  42. ^ Menn, Joseph; Hosinball, Mark (July 16, 2020). "Exclusive: U.S. FBI is leading an inquiry into the Twitter hack, sources say". Reuters. Archived from the original on July 16, 2020. Retrieved July 16, 2020.
  43. ^ "Major US Twitter accounts hacked in Bitcoin scam". BBC News. July 16, 2020. Archived from the original on July 16, 2020. Retrieved July 16, 2020.
  44. ^ a b Bell, Karissa (July 16, 2020). "Twitter hack reportedly originated with posts on a gray market forum". Engadget. Archived from the original on July 17, 2020. Retrieved July 16, 2020.
  45. ^ Krebs, Brian (July 16, 2020). "Who's Behind Wednesday's Epic Twitter Hack?". Krebs on Security. Archived from the original on July 16, 2020. Retrieved July 16, 2020.
  46. ^ a b c Setter, Raphael; Menn, Joseph (July 16, 2020). "Before hack tore through Twitter, online forum offered accounts for sale". Reuters. Archived from the original on August 18, 2021. Retrieved July 16, 2020.
  47. ^ Conger, Kate; Popper, Nathaniel (July 31, 2020). "Florida Teenager Is Charged as 'Mastermind' of Twitter Hack". The New York Times. ISSN 0362-4331. Archived from the original on July 31, 2020. Retrieved July 31, 2020.
  48. ^ a b "Tampa teenager accused in Twitter hack pleads not guilty". Associated Press. August 4, 2020. Archived from the original on August 31, 2020. Retrieved August 4, 2020 – via ABC News.
  49. ^ "Teen Who Hacked Musk, Obama Twitter Accounts Gets 3 Years in Jail". PCMAG. Archived from the original on January 9, 2023. Retrieved January 9, 2023.
  50. ^ "Tampa Twitter hacker agrees to three years in prison". Tampa Bay Times. Archived from the original on January 9, 2023. Retrieved May 16, 2021.
  51. ^ Statt, Nick (March 16, 2021). "Teen 'mastermind' behind the great Twitter hack sentenced to three years in prison". The Verge. Archived from the original on March 16, 2021. Retrieved March 16, 2021.
  52. ^ Popper, Nathaniel (September 1, 2020). "Twitter Hack May Have Had Another Mastermind: A 16-Year-Old". The New York Times. Archived from the original on September 2, 2020. Retrieved September 2, 2020.
  53. ^ Clayton, Abene (May 10, 2023). "Twitter hack: UK man pleads guilty to hijacking accounts including of Joe Biden and Elon Musk". The Guardian. Retrieved May 10, 2023.
  54. ^ Tidy, Joe; Radford, Antoinette (May 10, 2023). "Briton pleads guilty in US to 2020 Twitter hack". BBC News. Retrieved May 10, 2023.
  55. ^ "Hacker responsible for 2020 Twitter breach sentenced to prison". June 23, 2023.
  56. ^ Lee, Nicole (July 15, 2020). "Twitter has apparently disabled tweets from verified accounts". Engadget. Archived from the original on July 16, 2020. Retrieved July 15, 2020.
  57. ^ Cappucci, Matthew; Freedman, Andrew (July 16, 2020). "Twitter outage affected National Weather Service office during a tornado warning". The Washington Post. Archived from the original on July 17, 2020. Retrieved July 19, 2020.
  58. ^ Hager, Ryan (July 17, 2020). "Google confirms it disabled the Twitter carousel in Search following Bitcoin scam kerfuffle". Android Police. Archived from the original on April 16, 2021. Retrieved July 17, 2020.
  59. ^ Matney, Lucas (July 15, 2020). "Twitter stock slides after-hours amid scramble to contain high-profile account hacks". TechCrunch. Archived from the original on July 16, 2020. Retrieved July 15, 2020.
  60. ^ "Twitter, Inc. (TWTR) Stock Historical Prices & Data - Yahoo Finance". finance.yahoo.com. Archived from the original on September 13, 2020. Retrieved August 2, 2020.
  61. ^ Wang, Jules (July 16, 2020). "Twitter overhauls API with dev roadmap and a slow drip of new features". Android Police. Archived from the original on July 17, 2020. Retrieved July 17, 2020.
  62. ^ Moon, Mariella (September 25, 2020). "Twitter's changes since the June attack include requiring security keys". Engadget. Archived from the original on September 25, 2020. Retrieved September 25, 2020.
  63. ^ Burnson, Robert (July 23, 2020). "Steve Wozniak Sues YouTube Over Twitter-Like Bitcoin Scam". Bloomberg News. Archived from the original on July 23, 2020. Retrieved July 23, 2020.
  64. ^ Ayanti Bera (September 29, 2020). "Twitter appoints Rinki Sethi as new information security head". Reuters. Archived from the original on November 21, 2020. Retrieved January 2, 2021.
  65. ^ "The Teenager Who Hacked Twitter". IMDb. Archived from the original on May 6, 2022. Retrieved April 5, 2022.
edit