Several Major Verified Twitter Accounts Hacked, Including Joe Biden’s Campaign, Barack Obama, Benjamin Netanyahu
Hacked tweets all directed people to send Bitcoin with the promise of doubling their donations and returning them
On Wednesday, dozens of high-profile (and verified) Twitter accounts were hacked, with tweets directing people to donate Bitcoin and promising that their Bitcoin donations would be returned, doubled.
The tweets all looked something like this:
https://twitter.com/KBrassenstein/status/1283518589740490752?s=20
An unofficial list of reportedly hacked accounts (only partially verified, as many of the hacked tweets have been removed), which includes Bill Gates, Elon Musk, Barack Obama, Biden’s Official Campaign Account, Benjamin Netanyahu, and Jack’s personal account:
– Elon Musk
– Apple
– Uber
– Joe Biden Campaign
– Jeff Bezos
– Bill Gates
– Kanye West
– Floyd Mayweather
– Wendy’s
– Mike Bloomberg
– Warren Buffett
– Barack Obama
– Wiz Khalifa
– Benjamin Netanyahu
– Bitcoin
– Jack
– CashApp
In response, it looks like Twitter has locked some verified accounts temporarily:
You may be unable to Tweet or reset your password while we review and address this incident.
— Twitter Support (@TwitterSupport) July 15, 2020
Which begs questions about Twitter’s security:
Level of Security of Twitter #hacked pic.twitter.com/b1xikGlyDN
— Allwin Joshi (@aLLiNJoshi) July 15, 2020
Likely:
Twitter HQ right now as big verified accounts are being hacked:
#hacked pic.twitter.com/cxvVKt8naG
— c i n d y ♎️ (@lilicablossomxo) July 15, 2020
when the person who #hacked the big twitter accounts withdraws the bitcoin pic.twitter.com/qQ1tcpU5q1
— Rhys ? (@rhvsxx) July 15, 2020
Comments
Twitter is such a shithole place.
It reminds me of Yahoo, another shithole company. Whenever I see someone with a Yahoo email address I laugh in their face and say “I suppose the nice thing about having your email on Yahoo is not having to wonder if you’ve been hacked. You KNOW you’ve been hacked, many times”
Don’t be a Twit, quit Twitter.
I imagine your opinion of me is horrid based on my Hotmail address.
I love my Hotmail account. At this point it is so old it is no longer a target.
Hotfoot account?
More on the Democrats Hacking themselves…….
Weazil Zippers
“Multiple celebrities and politicians are having their accounts compromised and are Tweeting gibberish…..
Follow the Democrat money – this could be a money laundering operation…..
Alleged screenshots of internal Twitter tools suggest platform maintains user ‘blacklists’ despite denying practice for years
…. Twitter admin control screen that shows ‘Trending Blacklist’ and ‘Search Blacklist’ buttons….
https://www.google.com/amp/s/www.rt.com/news/494880-twitter-blacklist-leaked-images/amp/
Hackers Convinced Twitter Employee to Hijack Accounts for Them
After a wave of account takeovers, screenshots of an internal Twitter user administration tool are being shared in the hacking underground.
Twitter has been deleting some screenshots of the panel and has suspended users who have tweeted them, claiming that the tweets violate its rules.
https://www.vice.com/amp/en_us/article/jgxd3d/twitter-insider-access-panel-account-hacks-biden-uber-bezos?__twitter_impression=true
Cernovich
Twitters admin panel has a button to “blacklist trends.”
So yeah twitter lied, they manually edit trends.
The ones advocating violence are kept up. By their choice.
They aren’t a platform. They are a publisher.
Abolish Section 230.
https://mobile.twitter.com/Cernovich/status/1283570221584793600
Twitter Admin Controls
Screen Shot.
https://cdni.rt.com/files/2020.07/original/5f0fd85c85f540092f5437b9.png
I actually got one with my initials and surname. (Now… where did I put that CompuServe password?)
TF_Grizzly @ someaccount.whatever??
Sigh. This garbage again? There is no such status as “platform”. They are an Interactive Computer Service, and the law explicitly allows them to delete offensive user-supplied content without thereby becoming responsible for whatever they don’t delete but did not produce and in all likelihood haven’t read.
You are calling for this forum to be shut down. So you ought to stop posting here. Without Section 230’s immunity Prof J could not afford the liability of letting us comment here.
This is an interactive computer service, exactly like Twitter. And it’s moderated, exactly like Twitter, though perhaps with a lighter hand. Anyone could post something defamatory, and if moderating the forum made Prof J a publisher he would be liable for it, even if he had no idea it was there.
I won’t hold it against you; you seem like a decent bloke otherwise.
yahoo email address is actually google servers. no different than gmail users.
I would assume these sorts of accounts would at a minimum require two factor authentication if not a physical token or authenticator. This must be a hack operating from inside or through Twitter itself. Perhaps an employee’s software has been compromised.
In any modern password system, an internal employee couldn’t hack it, because the company doesn’t know the password. The hacker could reset the password, but that should be done through email which the hacker wouldn’t have.
There are three ways to get passwords like this. If the password is weak like Podesta’s “passw0rd”, that makes it easy. The other way is by putting a keylogger in a piece of malware that the hacker was able to get the victim to swallow (Yikes!). The third possible method (and most likely) is that Twitter’s password system is the pits and is not encrypted and salted.
“The third possible method (and most likely) is that Twitter’s password system is the pits and is not encrypted and salted.”
Yes.
Grummz
@Grummz
Presidential accounts were compromised. Why wouldn’t there be a high level investigation?
We’re all about to learn a lot more about how the insides of Twitter work.
Twitter just became a National Security Risk.
Since former Presidents and Presidential candidates were compromised, you can bet Secret Service is going to be all up Twitter’s butt.
Their security team is going to have to show them everything.
There are several other ways that it can be done. If the administrative tools allow them to modify the email address, they could modify that then reset the password.
Or they could be snooping on outgoing email and catch a password reset.
Or they could delete the account. Recreate the account as one of their own and give it a blue check mark.
None of those techniques would work on my systems, and I use a free framework. You would like to think that Twitter could at least meet that minimum level.
The admin (internal employee) could hijack the account. But Jack’s personal account was hacked. He wouldn’t have access to his own account. You would think that he would investigate. Then the standard and proprietary (hopefully) logs would immediately reveal the culprit, if it was an internal hack.
I thought of another way it could be done. If some other site had plain text passwords and they were stolen, then those passwords would be available on the dark net. For example, LinkedIn had this happen, because my old LinkedIn password was shown to me in extortion emails. If the victim used the same password on multiple accounts, then the hacker could try the LinkedIn password on Twitter. LinkedIn knew they were stolen and upgraded their system, but if I had used the same password on LinkedIn as on Twitter and did not update the Twitter password, then the hacker could get into my Twitter account.
I’m still guessing that Twitter uses a substandard system.
From Twitter, “We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools,”
So their password system is substandard.
item 3 of your items reqs an sql hackaccess also (as in employee/sql vendor access) in order to gain access to unsalted tables.
that alone raises a whole other set of issues
BINGO- “Hackers Convinced Twitter Employee To Help Them Hijack Accounts”
After a wave of account takeovers, screenshots of an internal Twitter user administration tool are being shared in the hacking underground.
https://www.vice.com/en_us/article/jgxd3d/twitter-insider-access-panel-account-hacks-biden-uber-bezos
For that many high profile accounts to be hacked, it is definitely an internal compromise of Twitter.
Most of those people don’t write their own tweets, and the average person paid to do it for them keeps a pretty secure password or it’s their job.
Good thing twitter has blue checks to point out their internal inadequacies!
Jack has a very large ear.
The better to monitor your tweets for Wrongthink.
Probably a signal that someone has their private messages.
Lot of strange happenings lately. Just a few years ago there were many subjects which were labeled as “conspiracy theories.” obamagate for instance. The msm howled and flung lots of poo when PDJT sent the “wires tapped” tweet. We’ve come a long way in a short time and it seems the timeline is accelerating. The last few days a lot of human trafficking and related subjects (I don’t even want to mention them) have been trending on twittr. I am open to the notion that twittr is part of a massive reverse psyop. I’m only on it because I was told I wasn’t welcome there. I don’t want to tolerate the suppression of our Rights including free speech and free association. Every time I think things can’t get any weirder, they do, sometimes by a lot.
The answer is even simpler: money talks, and loyalty to America means nothing to the money-talkers.
“I am open to the notion that twittr is” deep in the child trafficking and human slave trafficking along with the DNC and MSM…..
So, I’m not getting the $2,000 am I?
But you might get a Kenyan Prince showing up at your door at midnight!!!!!
Maybe he’ll even bring Michelle.
No. It’s Reggie………luv……
So anyone giving odds that Joe’s password was “30330”?
LOL
Cernovich
Twitter admins have the power to post on behalf of world leaders.
One employee could start WWIII with a tweet.
king of the unver!fied
I’m gonna say
(a) this is bad
(b) nationalize twitter
Dana Wefer
This is the answer. Twitter should be nationalized. It’s a public resource.
https://mobile.twitter.com/Cernovich/status/1283608183450120192
You assume Twitter is more important than it is.
unlikely there even was a hack. consider the source. twitter itself is about as ‘trustworthy’ as a rattlesnake!