A major Twitter hack affected celebrity and verified accounts - but is yours safe?

Thursday, 16th July 2020, 12:58 pm
Updated Thursday, 16th July 2020, 12:58 pm
What do you think of the new feature from Twitter? (Photo: Shutterstock)

A number of high-profile, 'verified' Twitter accounts were hacked on the night of 15 July, with fraudsters impersonating celebrities (including President Barack Obama) to ask followers to send them money.

Billionaires like Elon Musk, Jeff Bezos and Bill Gates were among the names targeted by scammers, who used their accounts to request donations of the cryptocurrency Bitcoin.

"This appears to be the worst hack of a major social media platform yet," Dmitri Alperovitch, co-founder of cyber-security company CrowdStrike, told Reuters news agency.

Twitter founder Jack Dorsey said, "Tough day for us at Twitter. We all feel terrible this happened."

Here's everything you need to know about the breach - and if your own Twitter account is safe.

What happened?

The accounts - which have large followings on the social media platform - were simultaneously hacked, and a message was posted encouraging users to send $1,000 (£794) to a Bitcoin address.

In return, recipients of the message were promised their money would be doubled and returned to them.

The message - which was 'shared' by Presidential candidate Joe Biden and US rapper Kanye West - read, "I am giving back to my community due to Covid-19! All Bitcoin sent to my address below will be sent back doubled.

"If you send $1,000, I will send back $2,000! Only doing this for the next 30 minutes! Enjoy."

A number of company accounts, including those of Apple and Uber, were also hacked.

The fraudulent messages were posted after several high-profile cryptocurrency companies' Twitter accounts shared malicious links earlier on 15 July.

Did the scam work?

Though the promise of a cash investment being doubled by a billionaire you've never met would be met with suspicion by most, the hack did appear to work for its perpetrators.

According to publicly available records on the morning of 16 July, the Bitcoin address received over $110,000 (£88,000) from hundreds of transactions.

Most of the fake tweets were deleted within a number of minutes, but many had been retweeted thousands of times.

Is Twitter safe to use?

Addressing the breach, Twitter commented, "We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools."

In a series of tweets, the social media company said the hackers "used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf."

The hack appeared to affect only high-profile accounts with large follower numbers, but it's still a worrying story for Twitter's 145 million daily users.

The platform said "significant steps" were taken to limit access to such internal systems and tools while the company's investigation was ongoing. Users reported that those with verified accounts, marked by a blue tick, could not send tweets for a brief period.

Should I change my password?

Though many users' first instinct would be to change the passwords on their accounts to thwart potential hackers, Twitter began denying password reset requests, as some other 'account functions' were also disabled.

These functions appear to have been reinstated, and users looking to change their passwords now can.

Provided you can remember your current password, it is quick and easy to update it, and you can be safe in the knowledge that your account is secure should your original password information fall into the wrong hands.