Musk, Gates, Biden, Apple Among Accounts Taken Over
Breach scale suggests Twitter admin takeover
Twitter’s security has been compromised this evening, with the breach used to take over the accounts of Elon Musk, Jeff Bezos, Bill Gates and other prominent users in a Bitcoin scam that directs their followers to deposit Bitcoin in a certain wallet with the false promise that contributions will be doubled.
Twitter has confirmed a security incident, saying “You may be unable to Tweet or reset your password while we review and address this incident”.
We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.
— Twitter Support (@TwitterSupport) July 15, 2020
The incident, which for once does actually deserve the adjective “unprecedented”, has also seen the accounts of Apple, Uber and Kanye West taken over. Presidential candidate Joe Biden’s account is among those that have also Tweeted the scam. Many appear to have been able to rapidly remove the Tweets. The situation is developing.
Yikes, strongest hypothesis is that the attackers have owned Twitter’s employee admin panel which allows Twitter employees ability to change pw/disable MFA to allow an attacker to take over a prominent account and tweet on their behalf without dealing with their password or MFA.
— Rachel Tobac (@RachelTobac) July 15, 2020
Twitter Hacked: Admin Access Appears Likely
The scale of the incident suggests an attacker either gained access to a Twitter employee’s administrative privileges or found a sweeping vulnerability in the social platform’s login protocols. Because many of the accounts, given their high profile, are likely to have enabled two-factor authentication, it seems plausible that someone senior at Twitter has been compromised and their privileges abused.
Note the email addresses change. Twitter has no reason to give employees native access to impersonate users.
Accounts are being stolen, auth token generated, and tweeted from. Note how legitimate users still have tokens to delete tweets. Not a clean hit. https://t.co/grlhbkhVhR
— Swift⬡nSecurity (@SwiftOnSecurity) July 15, 2020
Security firm RiskIQ says it has identified infrastructure tied to the cryptocurrency scammers. The unverified list is on Pastebin.
RiskIQ researchers just doubled the number of IoCs in the Pastebin. Please continue to monitor it for updates as this situation evolves https://t.co/D99QOpfbFc #twitterhack #twitterhacks #ThreatIntel #IOCs https://t.co/HZkJmDjRmM
— RiskIQ (@RiskIQ) July 15, 2020