Skip to Content
Computing

Twitter blocked tweets from verified accounts after a massive security breach

Photo by Sara Kurfeß on Unsplash

What do Joe Biden, Barack Obama, Elon Musk, and Bill Gates have in common?

Dozens of high-profile verified Twitter accounts were hacked on Wednesday, seemingly to push a cryptocurrency scam that may have netted upwards of $100,000 in a matter of minutes. These kinds of scams are old hat on Twitter, but never have so many prominent accounts been taken over at once.

To stem the tide, Twitter appeared to take the unprecedented step of suspending all tweets from verified accounts for about a half hour on Wednesday. They also blocked some password reset attempts.

Several victims of the hack said they use multi-factor authentication to protect their accounts, but that security feature was of no use. Instead, the sheer volume of hacked accounts suggests a problem with Twitter itself. A company spokesperson said Twitter is “investigating and taking steps” to address the incident.

An early Twitter investigation found a "coordinated social engineering attack" that successfully targeted company employees. In the context of cybersecurity, social engineering is psychological manipulation. In plain English, it means the Twitter employees were tricked in some way by the hackers.

"We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf," the company said. "We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it."

The company has "taken significant steps to limit access to internal systems and tools while our investigation is ongoing."

While the hack at first glance seemed to be part of a Bitcoin scam, there could be another motive. Any hacker who can tweet from an account could potentially be able to read private direct messages. 

The outcome could have been worse than a few scam tweets given the prominence of the victims. Perhaps the most infamous Twitter hack of all time took place in 2013, when the Associated Press tweeted about explosions at the White House and sent the stock market plummeting temporarily. The attackers this time around could have sown similar chaos. Last year, the account of Twitter founder Jack Dorsey was hacked.

The hacking of a presidential candidate and the potential breach of private communications echoes the 2016 race, when emails from Hillary Clinton’s campaign and the Democratic National Committee were leaked by Russian government hackers. President Donald Trump, Twitter’s most famous user, has not been affected by the incident.

Takeovers first began late in the afternoon US Eastern Time against primarily cryptocurrency-focused accounts like the trading platforms Coinbase, Gemini, and Binance. The impact spread quickly after that.

Deep Dive

Computing

child outside a destroyed residential building in Kiev
child outside a destroyed residential building in Kiev

Russia hacked an American satellite company one hour before the Ukraine invasion

The attack on Viasat showcases cyber’s emerging role in modern warfare.

hacked telecom concept
hacked telecom concept

Chinese hackers exploited years-old software flaws to break into telecom giants

A multi-year hacking campaign shows how dangerous old flaws can linger for years.

inflection point post-NSO concept
inflection point post-NSO concept

The hacking industry faces the end of an era

But even if NSO Group is no more, there are plenty of rivals who will rush in to take its place. And the same old problems haven’t gone away.

stock image of robots in a car plant
stock image of robots in a car plant

Transforming the automotive supply chain for the 21st century

Cloud-based tech solutions are helping manufacturers manage a new ecosystem of suppliers with greater agility and resilience.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.