What we can learn from the massive Twitter hack

The Twitter case

On July 15th, 2020, Twitter experienced a massive intrusion into its internal systems. Unidentified cybercriminals commandeered tons of accounts and used them to launch a crypto-scam. They asked to send bitcoins to their bitcoin wallets, promising to return a doubled sum. Scammers exploited the accounts of celebrities with millions of followers, such as Elon Musk, Joe Bidden, Kim Kardashian, Kanye West, Jeff Bezos, and others. At the moment of writing, they managed to generate around 100,000 USD.

As per Twitter’s official statement, criminals caused all of this through social engineering methods and targeting the company’s employees. However, some sources claim that the threat came from the inside, with some staff members intentionally revealing confidential data. Other researchers believe the attack may have been enabled through targeted SIM swapping. Indeed, days before the attack, security researchers observed SIM swapping community members offering to change any Twitter account’s email address for money. There is a chance that they managed to access Twitter admin tools and users’ direct messages as well.

Whatever the cause, Twitter is actively trying to solve the issue while deleting the malicious tweets and limiting certain functions on its platform (e.g., Tweeting or password reset).

While the case is not unprecedented, it is probably the most severe attack the platform has ever experienced. It shows the importance of users taking cybersecurity seriously and the vulnerability of even the largest players in the game.

The latest info

Researchers are actively investigating this case and reporting their findings. The hackers’ identities are not yet known, but here’s what we do know:

• The New York Times recently contacted a Twitter user named Kirk who demonstrated having access to Twitter admin tools. He also presumably played a central role in the attack. There were also four other people who shared their logs and screenshots of Discord chat to The Times and demonstrated their connection to the hack. It seems like they are mostly young people in their early 20’s, some of whom still live with their parents.
• The hackers targeted 130 accounts. They accessed and tweeted from 45 of them and downloaded data from 8 of them.
• Twitter claims that the hackers manipulated several employees to gain access to their internal systems.
• Security researcher Brian Krebs linked the Twitter hack to the SIM swapping community. These cybercriminals exploit phone service provider security loopholes to transfer victims’ SIM card data to their devices. Days before the attack, members of this community were offering to change an email address tied to a Twitter account for money. They may have managed to access Twitter’s admin tools and users’ direct messages. According to Krebs, a notorious SIM swapper known as PlugWalkJoe may be related to this attack. He tweeted screenshots of the internal Twitter tools and took over some accounts.
• Hackers managed to access private messages of up to 36 affected accounts.

What to do if someone has breached your account

It’s not yet clear whether Twitter has closed the breach and what the best way would be for users to respond. However, these steps are generally a good idea whenever you suspect that someone may have hacked your social media account:

• Try resetting the password for your account if possible.
• Immediately change the passwords of your other accounts, especially if you reused your password. Hackers might try to use the same credentials to access your other accounts and will multiply the damage. Just make sure you use strong ones. Try our NordPass tool to store your complex and safe passwords.
• If you have apps connected to the hacked social media account, disconnect them immediately if possible.
• Inform your friends and followers about the hack so that no one replies to the hijacker’s messages and understands that it’s not you posting.
• In the worst-case scenario, wipe out your profile and create a new one.

How to mitigate your vulnerability

You can’t prevent these breaches from happening, but you can take steps to minimize their potential impact on you. Here’s how:

• Don’t post or store private and confidential data on social media.
• Don’t use a single account to connect to different platforms. By putting all your eggs in one basket, a hacker can get access to several of your accounts by hacking just one.
• Don’t use the same password for different accounts, and use stronger passwords.
• Don’t open suspicious links, websites or messages.
• Minimize the number of social networks you use.
• Report suspicious and fake profiles.
• Keep track of cybersecurity news to learn about the latest threats.
• Make your social media profile as private as possible. Do not make it visible to strangers. Check our tips on social media privacy.