The Twitter attack may have been perpetrated by Joseph James Connor, a 21-year-old English SIM swapper linked to a group that hijacked @jack's account last year
Twitter was thrown into chaos on Wednesday after accounts for some of the world's most recognizable public figures …
Krebs on Security Brian Krebs
Related Coverage
- Twitter hack once again puts a negative spotlight on Bitcoin CNN · Clare Duffy
- Twitter says attackers targeted 130 accounts in Wednesday's breach Engadget · Richard Lawler
- Before hack tore through Twitter, online forum offered accounts for sale Reuters
- The Twitter Hack — What exactly happened? Lucky225
- Around 130 Twitter accounts targeted in bitcoin scam hack, company says CyberScoop · Jeff Stone
- The importance of the Twitter hack should not be missed TechnoLlama · Andres Guadamuz
- Scott Melker on Twitter: ‘We Cannot Depend on Centralized Platforms’ Cointelegraph · Turner Wright
- Twitter says about 130 accounts were targeted in cyber attack this week Reuters · Shubham Kalia
- Twitter's massive hack could be even worse than it seems CNN · Brian Fung
- SPACs as a Call Option on Hype The Diff · Byrne Hobart
- Twitter hack: Suspect identified; why Trump's account wasn't hacked; more 9to5Mac · Ben Lovejoy
- Twitter Hack - Security Researcher Points to Notorious Sim Swap Fraudsters Crowdfund Insider · JD Alois
- Twitter Releases New Details About Recent Hack of High-Profile Accounts Security Boulevard · Filip Truta
- Twitter hack fallout: Investigators on trail of cyber criminals ComputerWeekly.com · Alex Scroxton
- Twitter says 130 people were targeted in hack that hijacked accounts of Elon Musk, Joe Biden CNBC · Ryan Browne
- Industry Reactions to Twitter Hack: Feedback Friday SecurityWeek · Eduard Kovacs
- Twitter automatically flags more than half of all tweets that violate its rules Fast Company · Steven Melendez
- In first interview after Twitter hack, Jack Dorsey pledges transparency Fast Company · Steven Melendez
- FBI joins Twitter hacker hunt after prominent accounts hijacked Al Jazeera
- 130 Twitter accounts were targeted by hackers in the grand Bitcoin scam The Next Web · Ivan Mehta
- 21-Year Old SIM Swapper Could Be Behind BTC Scam Enabled by Attack on Twitter CryptoGlobe · Francisco Memoria
- Twitter Hackers who Targeted High-Profile Accounts Received $121,000 in Bitcoin Coinspeaker · Daria Rud
- Twitter says 130 accounts were targeted in massive Bitcoin hack Digital Trends · Trevor Mogg
- Is this the hacker behind the huge Twitter breach? The Daily Dot · Mikael Thalen
- Twitter blames social engineering for hack as a possible suspect is named SiliconANGLE · Duncan Riley
- Twitter hack reportedly originated with posts on a gray market forum Engadget · Karissa Bell
- The Twitter attack may have been executed by a 21-year-old SIM swapper, researcher says Input · Tom Maxwell
- Senator Ron Wyden wants to know why Twitter DMs still aren't end-to-end encrypted Reclaim The Net · Cindy Harper
- Who's Behind Wednesday's Epic Twitter Hack? Slashdot · BeauHD
- Twitter says no evidence passwords were stolen in hack of high profile accounts AppleInsider · Mikey Campbell
- In panic, Twitter locked out users who changed their password in the last month Mashable · Jack Morse
- Twitter Struggles to Unpack a Hack Within Its Walls New York Times
- How to protect yourself from Bitcoin scams Decrypt · Esat Dedezade
- The Twitter Hack Could Have Been So Much Worse Slate · Aaron Mak
- Twitter hack is another wake-up call about security ahead of the election CNET
- Stephen Colbert roasts Twitter and Jack Dorsey over crypto scam hack Mashable · Caitlin Welsh
- Twitter says passwords were not compromised in hijacking, DM security unclear 9to5Mac · Filipe Espósito
- Twitter Says 130 Accounts Targeted in Hack That Hijacked Feeds of Kanye, Biden, Obama, Bezos and Others Variety · Todd Spangler
- 'Guess who's back?': Political figures locked out in hack start returning to Twitter Reuters · Elizabeth Culliford
- Twitter Reveals The Massive Hack Was An Inside Job Observer · Jordan Zakarin
- The Twitter Hack Could Have Been Much Worse—and Maybe Was Wired · Brian Barrett
- A prominent senator is calling out Twitter following its massive hack for not encrypting DMs … Business Insider · Tyler Sonnemaker
- Google quickly demoted Twitter results in Search after yesterday's Bitcoin scam 9to5Google · Stephen Hall
- The Hack: When Crime Pays Fractions of a Penny on the Dollar The Diff · Byrne Hobart
- Twitter Hackers Gained Access to Accounts Using Internal Tool MacRumors · Tim Hardwick
- Google confirms it disabled the Twitter carousel in Search following Bitcoin scam kerfuffle Android Police · Ryne Hager
- High‑profile Twitter accounts hacked to promote Bitcoin scam WeLiveSecurity · Amer Owaida
- Bitcoin Searches Spike On Google After Twitter Scam Goes Viral NewsBTC · Tony Spilotro
- Trump's Twitter account has extra protections, which could be why it didn't get hacked The Verge · Jay Peters
- The giant Twitter hack is being investigated by the FBI The Next Web · Napier Lopez
- Twitter Hack: Why Wasn't Donald Trump Targeted? Forbes · Barry Collins
- Twitter hack is a reminder of the dangers of unfettered employee access SC Media · Bradley Barth
- Twitter hack an inside job; hackers ‘paid’ employee to hijack high-profile accounts International Business Times · Shafa Reyaz
- People Who Tried to Change Their Passwords After Twitter Hack Are Still Locked Out VICE · Janus Rose
- Everything we know about the Twitter Bitcoin hack Engadget · Chris Velazco
- Twitter's big hack raises red flags in political circles ahead of November Fast Company · Mark Sullivan
- What really happened with the Twitter hack? The 6 biggest theories CyberNews · Bernard Meyer
- The FBI Is Investigating the Twitter Attack That Hijacked Accounts to Promote a BTC Scam CryptoGlobe · Francisco Memoria
- Twitter hack exploded the popularity of Bitcoin on social media CryptoSlate · Priyeshu Garg
- Twitter Says Hackers Targeted Just 130 People in Cyber-Attack Bloomberg · Kurt Wagner
- Twitter hack exposes a huge new internal Security hole It's a Gadget · Andrei C.
- Twitter hackers who targeted Elon Musk and others received $121,000 in bitcoin, analysis shows CNBC · Kif Leswing
- Twitter hack triggers investigations and lawmaker concerns Washington Post · Rachel Lerman
- Twitter Hacked in Bitcoin Scam blog.trendmicro.com · Mark Nunnikhoven
- What the Twitter Hack Coverage is Missing Save Journalism Committee · Jeremy Arnold
- Lawmakers zero in on Twitter following massive hack The Hill · Maggie Miller
- Twitter Says Hackers Targeted 130 Accounts in Recent Attack SecurityWeek · Ionut Arghire
- FBI Probing Twitter Hack Whose Victims Included Musk and Obama Bloomberg · Chris Strohm
- Google Pruning The Rich Results & FAQ/How To Schema Results? Search Engine Roundtable · Barry Schwartz
- No More Fancy Twitter Results in Google Search Following Yesterday's Hacks Droid Life · Tim
- The Great Twitter Hack has exposed the precarity of our online existence Financial Times · Richard Waters
- FBI called to probe Twitter amid fears of future hacks CoinGeek · Xeirus Marcel Sta. Ana
- Daily Crunch: Twitter hacked in crypto scam TechCrunch · Anthony Ha
- Twitter Announces New API and Establishes API Development Roadmap (Update: Launch Has Been Delayed) ProgrammableWeb.com · Kevin Sundstrom
- Twitter announces new API that opens more features to third-party apps 9to5Mac · Filipe Espósito
- FBI Investigates Twitter Hack Amid Broader Concerns About Platform's Security Wall Street Journal
- Twitter hack: FBI investigates major Twitter attack BBC
- The FBI is investigating the Twitter Bitcoin hack Engadget · Karissa Bell
- Twitter hack raises questions about Jack Dorsey's role at company CNET · Richard Nieva
- The Twitter account hacks: a comprehensive timeline of events The Block · Larry Cermak
- Government Agencies Are Now on the Bitcoin Trail to Identify Twitter Hackers BitcoinExchangeGuide · AnTy
- Twitter Hack Of Kardashian, Obama And 130+ Other A-Listers Invites FBI Probe PYMNTS.com
- Approx. 130 Accounts Targeted in Twitter Hack, FBI Takes Over Case Cryptonews · Fredrik Vold
- Hawley Sends Letter to Jack Dorsey on Massive Twitter Hack, Asks for Cooperation with Federal Law Enforcement Agencies Senator Josh Hawley
- FBI moves in to investigate Twitter's massive Bitcoin hack Digital Trends · Trevor Mogg
- Bitcoin, The New Anonymous Identity Platform For Twitter Hackers? Trustnodes
Discussion
-
@twittersupport
@twittersupport
on x
Based on what we know right now, we believe approximately 130 accounts were targeted by the attackers in some way as part of the incident. For a small subset of these accounts, the attackers were able to gain control of the accounts and then send Tweets from those accounts.
-
@ronwyden
Ron Wyden
on x
In September of 2018, shortly before he testified before the Senate Intelligence Committee, I met privately with Twitter's CEO Jack Dorsey. During that conversation, Mr. Dorsey told me the company was working on end-to-end encrypted direct messages. https://twitter.com/...
-
@eamonjavers
Eamon Javers
on x
The critical failure in the most damaging attacks against the United States has been of imagination. In '01 and '16, we didn't anticipate that airplanes could be suicide missiles, or Facebook posts could manipulate democracy. These were zero-day attacks of social engineering. htt…
-
@eamonjavers
Eamon Javers
on x
This is interesting disclosure from Twitter, because it implies that although the attackers had access to “internal systems and tools” they weren't able to get into every account they targeted. 2 Q's: who else were they after, and: Why couldn't they get in? https://twitter.com/..…
-
@donie
Donie O'Sullivan
on x
Here's what Twitter is saying: https://twitter.com/... https://twitter.com/...
-
@ericgeller
Eric Geller
on x
Every answer raises more questions. What does “in some way” mean? Were some accounts used for things other than tweeting the Bitcoin scam? I foresee more stern lawmaker letters. https://twitter.com/...
-
@vpkivimaki
Veli-Pekka Kivimäki
on x
You could be doing everything right, like have strong 2FA, but the threat could come from the inside. Not a good idea to have anything sensitive stored in your DMs or group chats. https://twitter.com/...
-
@campuscodi
Catalin Cimpanu
on x
More Twitter updates: Only 130 accounts were targeted in Wednesday's hack. https://twitter.com/...
-
@erikgroset
Erik Groset
on x
So there you have it, likely PlugWalkJoe behind the great Twitter hack of 2020. Not a state actor. If DM's are safe, remains to be seen. Guy clearly loves the spotlight and reselling things. https://twitter.com/...
-
@mikeisaac
Rat King
on x
twitter says roughly 130 user accounts targeted in Wednesday's hack — still no concrete word on DM's but you'd have to imagine if they had full acct access they had dm access. https://twitter.com/... https://twitter.com/...
-
@donie
Donie O'Sullivan
on x
#BREAK Twitter says approx 130 accounts targeted as part of hack. That's a lot more than the compromised accounts we know about. https://twitter.com/...
-
@dcbyron
David Byron
on x
“While it may sound ridiculous that anyone would be fooled into sending bitcoin in response to these tweets, an analysis of the BTC wallet... shows that on July 15 the account processed 383 transactions and received almost 13 bitcoin on July 15 — or approximately USD $117,000.” h…
-
@envirosec
Guido
on x
Talked to Brian Krebs this afternoon about the link between the #twitterhack and the Dutch suspect. Looks like the original hacker had plans, but his friend, the Dutch ‘hacker’ KLITZ (who also defaced the account of politician @geertwilderspvv) came up with the BTC-scam plan. ht…
-
@katebevan
@katebevan
on x
My life's mission is to get people to stop using SMS for 2FA https://twitter.com/...
-
@starfire2258
Sean Hollister
on x
This is an interesting post. It also doxxes a real-life human being based on the word of a single unnamed source. That's extremely problematic. https://twitter.com/...
-
@taviso
Tavis Ormandy
on x
@colemankane @KarlShucks @dotMudge Ah, so all mitigations are really just as effective as any other, it's all the same? That's nonsense, some mitigations work and some are trash. SMS 2FA is trash, unique passwords actually work.
-
@derekdoestech
Derek B. Johnson
on x
Some interesting dot connecting, but curious what others think. A lot of it depends on the connections made through an anonymous mobile security industry source.
-
@karlbode
@karlbode
on x
So basically, the same SIM hijackers that have been bribing telecom employees for years bribed a Twitter employee to gain access to company internal tools that let them change account email addresses bypassing 2FA? https://www.vice.com/... https://twitter.com/...
-
@jack
@jack
on x
Tough day for us at Twitter. We all feel terrible this happened. We're diagnosing and will share everything we can when we have a more complete understanding of exactly what happened. 💙 to our teammates working hard to make this right.
-
@twittersupport
@twittersupport
on x
We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.
-
@twittersupport
@twittersupport
on x
You may be unable to Tweet or reset your password while we review and address this incident.
-
@tylerwinklevoss
Tyler Winklevoss
on x
WARNING: @Gemini's twitter account, along with a number of other crypto twitter accounts, has been hacked. This has resulted in @Gemini, @Coinbase, @Binance, and @Coindesk, tweeting about a scam partnership with CryptoForHealth. DO NOT CLICK THE LINK! These tweets are SCAMS.
-
@neal_katyal
Neal Katyal
on x
Imagine if this hack happened on November 3, with a different set of messages than one seeking bitcoin. https://twitter.com/...
-
@oneunderscore__
Ben Collins
on x
Sorry I'm not over this, but I've seen nothing to suggest that these hackers were prevented from seeing pretty much any account's DMs. From what I can tell, they did a password reset, which would leave them with full access to hacked accounts. They were in Elon Musk's for hours.
-
@5blocks
@5blocks
on x
Following yesterday's hack of prominent Twitter accounts, Google removed the search page feature showing individual Tweets for brands, presumably to avoid giving the hack exposure. Buckle up for short term fluctuations in search while Twitter restores order. attn: @rustybrick
-
@jack
@jack
on x
bitcoin @BubbaWallace https://twitter.com/...
-
@alexstamos
Alex Stamos
on x
There are many changes that Twitter can make to reduce the risk from customer service functions, such as creating two-person flows and performing risk-based auth. No coverage of this issue should ignore that major mobile providers are still struggling with stopping SIM swaps.
-
@joshconstine
Josh Constine -SignalFire
on x
The Twitter hack proves you don't need DeepFakes AI to start a world war, just an understanding of who people follow blindly
-
@alexstamos
Alex Stamos
on x
Also, it's impossible to describe the chaos inherent in dealing with the account lifecycle issues of the general public. The breadth of ways people lock themselves out of services that are critical to their lives is breathtaking, and we can't just ignore those folks.
-
@jason_koebler
Jason Koebler
on x
Twitter just locked my account and made me delete a tweet about how this hack worked
-
@ydklijnsma
Yonathan Klijnsma
on x
Leveraging @RiskIQ's datasets we have identified more infrastructure tied to the current cryptocurrency scammers impacting @elonmusk , @billgates, etc. This is research data, validate before taking action, it might identify new targets also. IOCs: https://pastebin.com/...
-
@alexstamos
Alex Stamos
on x
What we can do is to limit the exposure of high-risk accounts, create additional security friction and reduce the immediate impact of a successful account takeover (disabling data export and DMs for 24hrs, for example).
-
@duncan
Duncan Davidson
on x
🔒 If you leverage Twitter as an identity provider to log into other services, I think right now is a good time to re-evaluate that decision.
-
@alexstamos
Alex Stamos
on x
If we want our consumer-facing services to be more secure, we are going to have to accept more friction in our interactions with our important providers and not crush CSRs under metrics that only measure speed and customer satisfaction.
-
@twittersupport
@twittersupport
on x
We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.
-
@twittersupport
@twittersupport
on x
We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We're looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.
-
@jason_koebler
Jason Koebler
on x
we spoke to two hackers and we were able to independently verify they were in control of hijacked accounts today. One of them said they paid the Twitter employee to help them take over accounts; not sure on the specifics here at the moment
-
@jason_koebler
Jason Koebler
on x
Anyone who tried to change their password in the wake of the hacks yesterday is locked out and Twitter has given no timeline to recover their accounts https://www.vice.com/...
-
@twittersupport
@twittersupport
on x
We also limited functionality for a much larger group of accounts, like all verified accounts (even those with no evidence of being compromised), while we continue to fully investigate this.
-
@twittersupport
@twittersupport
on x
Once we became aware of the incident, we immediately locked down the affected accounts and removed Tweets posted by the attackers.
-
@twittersupport
@twittersupport
on x
We have locked accounts that were compromised and will restore access to the original account owner only when we are certain we can do so securely.
-
@ericgeller
Eric Geller
on x
Per NYT, Twitter still doesn't actually know if the hackers got an employee's credentials by socially engineering them (as Twitter initially said) or bribing them (as @josephfcox later reported). https://www.nytimes.com/... https://twitter.com/...
-
@twittersupport
@twittersupport
on x
Internally, we've taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues.
-
@neerajka
Neeraj K. Agrawal
on x
Here's a timeline of the hack that shows it starting with cryptocurrency accounts and fanning out from there. It supports my “idiots running wild” theory https://www.theblockcrypto.com/ ... https://twitter.com/...
-
@tsunamino
Danielle Leong
on x
This is actually a fairly normal support tool and often how support is able to diagnose problems. It's typically auditable and goes through multiple layers of access checks. If anything, this shows you should always invest in internal tools for support https://twitter.com/...
-
@jamesrbuk
James Ball
on x
The Twitter hack feels like someone breaking into a bank vault and then just using their WiFi to send 419 scam emails. Its potential vs what they seem to have got from it just do not align.
-
@janaktvu
Jana Katsuyama
on x
Still waiting for answers from Twitter press team about the #twitterhacked investigation...How many accounts known to be compromised so far? When and how did Twitter become aware of this security breach? Will they be implementing any new safeguards? https://twitter.com/...
-
@carnage4life
Dare Obasanjo
on x
This is like being terrified that cashiers at your bank have access to your money. https://twitter.com/...
-
@susanthesquark
Susan Fowler
on x
It's completely terrifying that, from the sound of these tweets, employees can use internal systems and tools to access and control the accounts of some of the highest profile, most powerful people in the world. https://twitter.com/...
-
@twittersupport
@twittersupport
on x
This was disruptive, but it was an important step to reduce risk. Most functionality has been restored but we may take further actions and will update you if we do.
-
@vitalikbuterin
Vitalik.Eth
on x
“Centralized backdoors are awesome and help keep society safe” https://twitter.com/...
-
@kantrowitz
Alex Kantrowitz
on x
I doubt Elliott would be a responsible steward of this platform. They are sharks with little interest in building healthy online experiences. https://twitter.com/...
-
@bobonmarkets
Robert Burgess
on x
Twitter's massive security breach ought to get investor Elliott Management active again https://www.bloomberg.com/... via @bopinion
-
@bopinion
@bopinion
on x
This security lapse serves as a reminder of Twitter's technical and business deficiencies. And unless serious changes are made, the outlook for the company isn't much better https://www.bloomberg.com/... https://twitter.com/...
-
@tayhatmaker
Taylor Hatmaker
on x
still no assurance that DMs weren't compromised https://twitter.com/...
-
@oneunderscore__
Ben Collins
on x
This doesn't really matter if they had full access to private message data, and it appears the hackers did. https://twitter.com/...
-
@billt
Bill Thompson
on x
Anyone who sends anything potentially confidential, sensitive, or even just vaguely embarrassing via Twitter DM is simply reckless. https://twitter.com/...
-
@zackwhittaker
Zack Whittaker
on x
New: Twitter says there is “no evidence” that the hackers, who broke into its internal network yesterday to spread a cryptocurrency scam, had access to user passwords. But the company is declining to say if user direct messages were accessed or read. https://techcrunch.com/...
-
Twitter
Twitter
on x
Introducing a new and improved Twitter API
-
@xamarinhq
Xamarin
on x
💙 this week's community stand up... It's all about the latest release of Xamarin.Forms 4.7 introducing a bunch of new APIs including multi-bindings, themes, and a new drawing API for paths and shapes! It's tons of fun (and informative, of course). 👀 https://www.youtube.com/... ht…
-
@rlux
Rachel Luxemburg
on x
So glad the hack didn't derail this launch! https://techcrunch.com/...
-
@somospostpc
Alex B
on x
The new Twitter API is mostly a backend rewrite that doesn't change anything in relation to 3rd party clients, data federation or nothing that was expected as the “opening” promised back *in 2015* https://techcrunch.com/...
-
@martinsfp
Martin Sfp Bryant
on x
I wondered if the hack would affect the launch of Twitter's API overhaul. And it has, kind of. They're properly launching it next week, but have gone ahead with the announcement today: https://techcrunch.com/...
-
@elaczi
@elaczi
on x
This is great news, especially for 3rd party apps like @tweetbot. 🤞😀 https://twitter.com/...
-
@pinboard
@pinboard
on x
With the FBI poking around Twitter, it's a good time to remind people—don't have sensitive conversations in Twitter DMs. Move that stuff to Signal. You don't know who'll be in charge of Twitter five, ten, or twenty years from now. Remember the example of LiveJournal. https://twit…
-
@dnvolz
Dustin Volz
on x
New: FBI is probing the Twitter hack, people familiar with the investigation said, amid growing concerns vulnerabilities within the company's systems could pose broader risks to international security. Senate Intel has also asked Twitter for a briefing. https://www.wsj.com/...
-
@b52malmet
Barbara Malmet
on x
Exclusive: U.S. FBI is leading an inquiry into the Twitter hack, sources say- notable that Trump wasn't hacked. https://www.reuters.com/...
-
@magmill95
Maggie Miller
on x
Reuters is reporting that the FBI is leading an investigation into the Twitter hacking incident last night, while New York Gov. Cuomo just separately directed the state to look into the incident: https://www.reuters.com/...