The Twitter accounts of major companies and individuals have been compromised in one of the most widespread and confounding hacks the platform has ever seen, all in service of promoting a bitcoin scam that appears to be earning its creators quite a bit of money.
We don’t know how the hack happened or even to what extent Twitter’s own systems may have been compromised — but following the unprecedented hacks of accounts including President Barack Obama, Joe Biden, Elon Musk, Bill Gates, Kanye West, Michael Bloomberg, and Apple, Twitter has confirmed it took the drastic step of blocking new tweets from every verified user, compromised or no, as well as locking all compromised accounts.
Twitter says it won’t restore access to their owners “until we are certain we can do so securely.”
We have locked accounts that were compromised and will restore access to the original account owner only when we are certain we can do so securely.
— Twitter Support (@TwitterSupport) July 16, 2020
On Wednesday evening, the company revealed that its own internal employee tools were compromised and used in the hack, which may explain why even accounts whose owners said they had two-factor authentication enabled were still being used to push the bitcoin scam to followers.
The account takeovers appear to have subsided, but new scam tweets were posting to verified accounts on a regular basis starting shortly after 4PM ET and lasting more than two hours. Twitter acknowledged the situation after more than an hour of silence, writing on its support account at 5:45PM ET, “We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.”
We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.
— Twitter Support (@TwitterSupport) July 15, 2020
The company took the unprecedented measure of preventing verified accounts from tweeting at all starting sometime around 6PM ET. This appears to be the first time in the company’s history that Twitter has done this. Twitter updated its stance on limiting tweets at 7:18PM ET, writing, “We’re continuing to limit the ability to Tweet, reset your password, and some other account functionalities while we look into this. Thanks for your patience.” At 8:41PM ET, Twitter said “most” verified accounts should be able to tweet, adding, “As we continue working on a fix, this functionality may come and go.”