Everyone knows that a website promising to double your money is a scam. But how would you respond when tweets from the verified Twitter accounts of public figures (such as Bill Gates, Apple [the iPhone company], Barack Obama and others) are the ones telling you that they want to double your money?
Well, that is what happened, and many Twitter users quickly tried to cash in on the opportunity. Little did they know that the tweets from those verified Twitter accounts did not come from the real owners of the accounts, but from a hacker who had breached the Twitter platform.
Yes, you heard it right. Twitter has been breached again!
How it Happened
The Twitter platform was not breached because of a vulnerability in the system. It was breached because some Twitter employees fell victim to the attackers' social engineering tactics.
As a result, the attackers were able to gain access to the Twitter platform as if they were the employees they had victimized.
While the attackers were in Twitter's systems as Twitter employees, they were able to bypass Twitter's two-factor authentication process and gain access to about 130 Twitter accounts. The accounts they gained access to were verified accounts of public figures.
What the Attackers did
Once inside Twitter's systems, the attackers were able to reset the passwords of about 45 accounts so as to lock out the original owners.
For 8 other accounts they were able to access, the attackers downloaded the accounts' Twitter data.
Apart from these, the attackers initiated a bitcoin scam in which they used the accounts of well-known figures to tell their followers that they wanted to double their money: followers should send the amount they wished to have doubled via bitcoin, and they would be sent double what they had sent.
As a result, followers of those public figures who fell victim to this scam lost over $100,000 in bitcoin to the attackers.
Twitter said that it has since kicked the attackers out of its systems and has taken additional steps to ensure that the attackers did not leave a loophole they could use to regain access to Twitter's systems at a later time.
It has placed heavy restrictions on the affected accounts so that the attackers cannot use them while it tries to get in touch with the real owners to restore their access.
Twitter said that it also took preemptive measures to restrict functionality for many other accounts on Twitter. These restrictions include preventing those accounts from tweeting or changing passwords. However, this does not mean that those accounts were compromised. According to Twitter, there is evidence of compromise for only about 130 accounts.
Twitter also said that it is working around the clock, both internally and with law enforcement agencies, to ensure that the perpetrators (the attackers) are brought to justice. Hence, the investigations are not over yet.
It is also rolling out additional company-wide training to help employees detect and guard against social engineering tactics. This supplements the training employees currently receive during onboarding and the ongoing phishing exercises throughout the year.
What you Should Do
As outlined above, the breach at Twitter did not affect a lot of its users, so your account and mine are probably safe and do not require us to change our Twitter login credentials (passwords, recovery info).
However, know that no legitimate business or public figure that wants to give out money will ask you to send them money first. If you see something like that in the future, whether on Twitter or anywhere else, know that it is a scam.
Be wise; protect your hard-earned money.
Brief note on Social Engineering
Social engineering is a tactic used to get others to do something for you that they would not normally do if they knew who you really are or what your intentions are. For example:
You see a security guard with his hands full, trying to dip one hand into his pocket to bring out his key card to open the door. Since he is wearing a guard's uniform, you might offer to use your key card to open the door for him, if you happen to be going the same way.
Little do you know that he is not a guard and does not even have a key card. He is just staging that situation to get you to open the door for him.
This is just one scenario.