
Several Major Verified Twitter Accounts Hacked, Including Joe Biden’s Campaign, Barack Obama, Benjamin Netanyahu


Hacked tweets all directed people to send Bitcoin with the promise of doubling their donations and returning them

On Wednesday, dozens of high-profile (and verified) Twitter accounts were hacked and used to post tweets directing people to donate Bitcoin, promising that their Bitcoin donations would be returned, doubled.

The tweets all looked something like this:

https://twitter.com/KBrassenstein/status/1283518589740490752?s=20

An unofficial list (only partially verified, as many of the hacked tweets have been removed) of reportedly hacked accounts, which include Bill Gates, Elon Musk, Barack Obama, Biden’s Official Campaign Account, Benjamin Netanyahu, and Jack’s personal account:

– Elon Musk
– Apple
– Uber
– Joe Biden Campaign
– Jeff Bezos
– Bill Gates
– Kanye West
– Floyd Mayweather
– Wendy’s
– Mike Bloomberg
– Warren Buffett
– Barack Obama
– Wiz Khalifa
– Benjamin Netanyahu
– Bitcoin
– Jack
– CashApp

In response, it looks like Twitter has locked some verified accounts temporarily:

Which begs questions about Twitter’s security:

Likely:

 


Comments

Twitter is such a shithole place.

It reminds me of Yahoo, another shithole company. Whenever I see someone with a Yahoo email address I laugh in their face and say “I suppose the nice thing about having your email on Yahoo is not having to wonder if you’ve been hacked. You KNOW you’ve been hacked, many times”

Don’t be a Twit, quit Twitter.

I would assume these sorts of accounts would at a minimum require two factor authentication if not a physical token or authenticator. This must be a hack operating from inside or through Twitter itself. Perhaps an employee’s software has been compromised.

    InEssence in reply to JohnC. | July 15, 2020 at 10:46 pm

    In any modern password system, an internal employee couldn’t hack it, because the company doesn’t know the password. The hacker could reset the password, but that should be done through email which the hacker wouldn’t have.

    There are three ways to get passwords like this. If the password is weak like Podesta’s “passw0rd”, that makes it easy. The other way is by putting a keylogger in a piece of malware that the hacker was able to get the victim to swallow (Yikes!). The third possible method (and most likely) is that Twitter’s password system is the pits and is not encrypted and salted.

      Barry in reply to InEssence. | July 16, 2020 at 12:21 am

      “The third possible method (and most likely) is that Twitter’s password system is the pits and is not encrypted and salted.”

      Yes.

        notamemberofanyorganizedpolicital in reply to Barry. | July 16, 2020 at 1:31 am

        Grummz
        @Grummz

        Presidential accounts were compromised. Why wouldn’t there be a high level investigation?

        We’re all about to learn a lot more about how the insides of Twitter work.

        Twitter just became a National Security Risk.

        Since former Presidents and Presidential candidates were compromised, you can bet Secret Service is going to be all up Twitter’s butt.

        Their security team is going to have to show them everything.

      thad_the_man in reply to InEssence. | July 16, 2020 at 5:24 am

      There are several other ways that it can be done. If the administrative tools allow them to modify the email address, they could modify that then reset the password.

      Or they could be snooping on outgoing email and catch a password reset.

      Or they could delete the account. Recreate the account as one of their own and give it a blue check mark.

        InEssence in reply to thad_the_man. | July 16, 2020 at 6:58 am

        None of those techniques would work on my systems, and I use a free framework. You would like to think that Twitter could at least meet that minimum level.

        The admin (internal employee) could hijack the account. But Jack’s personal account was hacked. He wouldn’t have access to his own account. You would think that he would investigate. Then the standard and proprietary (hopefully) logs would immediately reveal the culprit, if it was an internal hack.

        I thought of another way it could be done. If some other site had plain text passwords and they were stolen, then those passwords would be available on the dark net. For example, LinkedIn had this happen, because my old LinkedIn password was shown to me in extortion emails. If the victim used the same password on multiple accounts, then the hacker could try the LinkedIn password on Twitter. LinkedIn knew they were stolen and upgraded their system, but if I had used the same password on LinkedIn as on Twitter and did not update the Twitter password, then the hacker could get into my Twitter account.

        I’m still guessing that Twitter uses a substandard system.

        InEssence in reply to thad_the_man. | July 16, 2020 at 4:49 pm

        From Twitter, “We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools,”

        So their password system is substandard.

      dmacleo in reply to InEssence. | July 16, 2020 at 12:08 pm

      item 3 of your items reqs an sql hackaccess also (as in employee/sql vendor access) in order to gain access to unsalted tables.
      that alone raises a whole other set of issues

    JohnC in reply to JohnC. | July 16, 2020 at 10:59 am

    BINGO- “Hackers Convinced Twitter Employee To Help Them Hijack Accounts”
    After a wave of account takeovers, screenshots of an internal Twitter user administration tool are being shared in the hacking underground.

    https://www.vice.com/en_us/article/jgxd3d/twitter-insider-access-panel-account-hacks-biden-uber-bezos

healthguyfsu | July 15, 2020 at 7:29 pm

For that many high profile accounts to be hacked, it is definitely an internal compromise of Twitter.

Most of those people don’t write their own tweets, and the average person paid to do it for them keeps a pretty secure password or it’s their job.

Good thing twitter has blue checks to point out their internal inadequacies!

Jack has a very large ear.

Probably a signal that someone has their private messages.

Lot of strange happenings lately. Just a few years ago there were many subjects which were labeled as “conspiracy theories.” obamagate for instance. The msm howled and flung lots of poo when PDJT sent the “wires tapped” tweet. We’ve come a long way in a short time and it seems the timeline is accelerating. The last few days a lot of human trafficking and related subjects (I don’t even want to mention them) have been trending on twittr. I am open to the notion that twittr is part of a massive reverse psyop. I’m only on it because I was told I wasn’t welcome there. I don’t want to tolerate the suppression of our Rights including free speech and free association. Every time I think things can’t get any weirder, they do, sometimes by a lot.

So, I’m not getting the $2,000 am I?

So anyone giving odds that Joe’s password was “30330”?

notamemberofanyorganizedpolicital | July 16, 2020 at 1:21 am

Cernovich
Twitter admins have the power to post on behalf of world leaders.

One employee could start WWIII with a tweet.

king of the unver!fied

I’m gonna say
(a) this is bad
(b) nationalize twitter

Dana Wefer
This is the answer. Twitter should be nationalized. It’s a public resource.

https://mobile.twitter.com/Cernovich/status/1283608183450120192

unlikely there even was a hack. consider the source. twitter itself is about as ‘trustworthy’ as a rattlesnake!