Michael Crider is a veteran technology journalist with a decade of experience. He spent five years writing for Android Police and his work has appeared on Digital Trends and Lifehacker. He’s covered industry events like the Consumer Electronics Show (CES) and Mobile World Congress in person.
Someone logged into your Twitter account, and that someone isn’t you. They’re probably a spammer hoping to inundate your followers with junk, or maybe a “hacker” (in a very loose sense) being paid to follow other accounts. It’s just possible that they’re intentionally targeting you and hoping to make you look bad. Whatever the circumstance, you want to kick them off your account on the double. Here’s how.
Step One: Keep An Eye on Your Email
Twitter’s no stranger to hijacking attempts, so the company has a few internal triggers to detect unusual behavior. One of them is an email notification for any new login via the web or a Twitter app. It will look something like this:
Now, since I live in Texas and I don’t own an iPhone, odds are pretty good that whoever has logged in from Kolkata via the Twitter iPhone app isn’t me. It’s time to do a little basic security.
Of course, this step (and changing your password) won’t help if someone has also gained access to your email account. But if that’s the case, you have bigger things to worry about than Twitter.
Step Two: Change Your Password
This step should be pretty obvious. Before you do anything else, change your password. Open up the Twitter website from a desktop or laptop browser. (You can do it from your phone as well; it’s just a bit cumbersome: open Twitter.com in “desktop view” and zoom in.)
Click your profile icon in the upper-right corner, then click “Settings and privacy” in the pop-up menu. Click “Password” in the left-hand column.
Type your current password in the first field, then your new password in the second and third fields. If you need some pointers on a more secure password (and you just might, since your account was just hijacked), check out this How-To Geek guide on the subject.
Step Three: Revoke Access to Existing Sessions
Unfortunately, changing your password won’t automatically log out apps and browsers that are already logged in, even though the credentials they used to get in are now outdated.
From the Settings and privacy menu, click “Your Twitter Data” in the left-hand column. You’ll need to enter your password again, then click “Confirm.”
This page will show you all of your various personal data, as well as your login history. Scroll down to the middle of the page to the section labelled “Login history.” Click the link for “See your last 45 logins.”
In this view you can see the last 45 times that Twitter apps or websites used your saved credentials to access the service. (Each one isn’t necessarily a full “login,” with name and password, because most apps save that data.) In my view, I can clearly see two logins from our mystery iPhone user in India, on September 6th and again on September 9th. Remember that “Twitter for iPhone” information: that’s what we want to know.
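The manual review above (compare each of the last 45 logins against where you live and which apps you actually use) is easy to automate once the list is written down. The following is an added example, not code from the original article or from Twitter: it runs that comparison over a constructed sample of login-history entries (the dates, clients and locations below are made up to mirror the Texas/Kolkata scenario, not copied from the author’s screenshot) and reports which client to revoke on the Apps page.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class LoginEntry:
    when: str      # date as shown in the login history (constructed sample value)
    client: str    # app or site that used the saved credentials
    location: str  # coarse geolocation shown next to the entry


# Constructed sample of a "last 45 logins" list; not real data from the article.
SAMPLE_HISTORY = [
    LoginEntry("Sep 09", "Twitter for iPhone", "Kolkata, India"),
    LoginEntry("Sep 08", "Twitter Web Client", "Austin, Texas"),
    LoginEntry("Sep 07", "Twitter for Android", "Austin, Texas"),
    LoginEntry("Sep 06", "Twitter for iPhone", "Kolkata, India"),
    LoginEntry("Sep 05", "Twitter Web Client", "Dallas, Texas"),
    LoginEntry("Sep 04", "Twitter for Android", "Austin, Texas"),
]


def flag_suspicious_logins(history, home_region, owned_clients):
    """Return (entry, reasons) pairs for logins that come from outside
    home_region or from a client the account owner does not use.
    Both checks are applied independently so a familiar app used from an
    unfamiliar place is still reported."""
    flagged = []
    for entry in history:
        reasons = []
        if home_region.lower() not in entry.location.lower():
            reasons.append(f"location {entry.location!r} is outside {home_region!r}")
        if entry.client not in owned_clients:
            reasons.append(f"client {entry.client!r} is not one you use")
        if reasons:
            flagged.append((entry, reasons))
    return flagged


def clients_to_revoke(flagged):
    """Collapse flagged entries to the clients worth revoking, with hit counts.
    This is the list you would take to the Apps page in Step Three."""
    return Counter(entry.client for entry, _ in flagged)


if __name__ == "__main__":
    hits = flag_suspicious_logins(
        SAMPLE_HISTORY, "Texas", {"Twitter Web Client", "Twitter for Android"}
    )
    for entry, reasons in hits:
        print(entry.when, entry.client, entry.location, "->", "; ".join(reasons))
    print("revoke:", dict(clients_to_revoke(hits)))
```

With the constructed sample, the two Kolkata entries are flagged on both counts and “Twitter for iPhone” comes out as the single client to revoke, which matches the manual conclusion in the text.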
Click “Apps” in the left-hand column. This will open a list of all the websites and apps that you’ve authorized to access your Twitter account and data. Of course, in this case, it wasn’t you who authorized the access.
Find the app or service that you identified as the point of access for the intruder from the “last 45 logins” page, and click the “revoke” button. In my case, it’s the “Twitter for iPhone” app. Don’t worry if it’s also coincidentally one of the apps that you use yourself—you’ll simply have to log in again from your own device, and this time with your newer, tougher password.
Step Four: Clean Up Your Account
Now it’s time to undo whatever shenanigans that stranger got up to while he or she had access to your account. Check the following for anything you don’t remember yourself doing:
- New tweets and replies
- New “moments”
- Private messages
- Favorites and “likes”
- Newly-followed accounts
Newly-followed accounts and private message spam are likely to be the most common additions to your account, since they’re the most effective means of nefarious advertising and paid followers, respectively. Once you’ve scrubbed those tweets raw like Momma scrubbing a permanent marker “tattoo” off your hands with dishwasher soap, your account should be back to normal.
If you want to prevent this from happening again, you might want to add two-factor authentication to your Twitter account, among other security precautions. Check out this How-To Geek guide on the topic.
Kirsty woke up to find that someone else had taken control of her Twitter account. I tell her how to get it back.
You have to fix this immediately. When someone else is sending out tweets and DMs under your name, you’re in danger of losing your credibility.
The first thing you need to do is try to log onto Twitter. If you can do that, change your password. This will stop the Twitter thief in his or her tracks and give you back control of your account, provided the thief hasn’t already changed the password and locked you out.
If you can log onto Twitter in your browser, click the tool icon in the upper-right corner and select Settings. Click Password on the left pane, then enter your old and new passwords. And please, make sure your new password is a strong one.
If you can change the password, you have my permission to sigh with relief. But your work isn’t over. Keep reading.
If you can’t log on or change your password, you’re going to have to go through Twitter’s customer service and submit a Support request. See the service’s own My account has been hacked page for details.
Once you’ve changed the password–either on your own or with Twitter’s help–send out a tweet apologizing to your followers. Explain to them that those tweets weren’t yours.
Then delete all of the tweets you didn’t send.
Next, block all third-party apps from accessing your account. Click Apps on the Settings page’s left panel. Click Revoke access for every application. You can reactivate them later.
As added protection, set up Login verification:
- Click Mobile on the left pane.
- Click the add a phone link. Enter your cell number and click Activate phone. Follow the resulting directions (you’ll be asked to text something).
- Look at the phone options and uncheck any that may invade your privacy or become annoying (I unchecked everything).
- Click Save changes.
- Click Account on the left panel.
- Scroll to the bottom and, in the Login verification section, select Send login verification requests to [your phone number]. Let them send you a test message and respond appropriately.
Now about those apps. Go back to the Apps section and click the Undo Revoke Access buttons for each app–or at least the ones you actually use.
Next, change your password for those apps, especially the ones on your tablet and phone. Unfortunately, thanks to login verification, this will be a bit more complicated than it used to be, and requires having a PC handy:
- On your PC, on Twitter’s Settings page, return to the Password section and click the Generate button. A numeric code will appear on the screen.
- On your mobile device, launch your Twitter app and tell it you need to change the password. But instead of entering the new (or old) password, enter the numeric code displayed on your PC.
Have you noticed unexpected Tweets from your account? Have you seen unintended DMs (direct messages) sent from your account? Maybe you observed other account behaviors you didn’t make or approve (like following, unfollowing, or blocking). If so, your Twitter account is likely compromised and being used to spread what has been dubbed “the DM virus”.
If you can still log into your Twitter account, here are some steps you can take to stop spreading the virus and regain control of your account.
How the Twitter DM Virus works
A spammer hacks into the account of someone you follow and sends you a direct message (Twitter’s version of an email). The DM contains a link, with a short eye-catching note aimed at grabbing your attention. Since the DM appears to come from a trusted follower, it’s often mistaken for a safe link, but it’s not.
If you have received a message like this from one of your followers, it’s likely that their account has been compromised by spammers, and once you click the infected link, you could find your account, and your identity, hijacked by the spammer. It often appears as though you were innocently bumped off Twitter, and you find yourself back at the Twitter login page. Trouble is, it’s a fake Twitter page, and once you input your password, you’ve effectively turned full control of your account over to the spammer, who is now free to spread the virus to your friends.
With full control of your account, the spammer can easily change your password, your email address and your very identity with just a few keystrokes. He or she can then follow, unfollow, block, unblock, tweet and send DMs, including the virus, as you.
So what can you do to fix the problem?
If someone has compromised your Twitter account, and you can still log in, follow these steps to regain control:
Sign in to Twitter. Click your username and choose the “Settings” option, and then click on change password. Input your current password, then pick and confirm a new password and click “Change.” Make sure you pick a strong password.
Select the “Applications” tab. Scroll through the list of applications you’ve enabled access to your Twitter account. Choose the “Revoke Access” button next to any applications you don’t recognize.
Create a new tweet. Inform your followers that you have recently been hacked and not to click on any links that come via DM or appeared to come from your account. Inform them, however, that you have since taken back control of your account and your account is now clean.
Delete any unwanted Tweets that were posted while your account was compromised.
Once you have completed these steps, it’s a good idea to scan your computer for any viruses and malware, especially if unauthorized account behaviors continue to be posted after you’ve changed the password.
If your password has been changed and you can’t access your account, visit the Twitter Troubleshooting page.
If you followed these steps and still have issues with your Twitter account, you can file a Support Request with Twitter and ask for more assistance.
Visit Twitter’s Safe Tweeting page for more information on how to avoid hacking and phishing scams.
Rob Woodgate is a writer and IT consultant with nearly 20 years of experience across the private and public sectors. He’s also worked as a trainer, technical support person, delivery manager, system administrator, and in other roles that involve getting people and technology to work together.
If you’re worried someone has access to your Twitter account, or you want to make sure old devices are no longer logged in, you can log every device out of your account at once. Here’s how to make that happen.
We’ve previously covered how to regain control of a hijacked Twitter account, but sometimes you just want to make sure that every device and user is logged out of your account. This might be because you’re selling an old device, or maybe it’s a corporate account, and you want to make sure that former employees aren’t still logged in.
Whatever the reason, there’s a simple way to log out all users and devices.
The process is precisely the same whether you are using the Twitter web app or the Twitter mobile app on iPhone, iPad, and Android, with one tiny exception. If you are using the Twitter web app, you need to click on “More” in the menu on the left-hand side.
This will bring up the menu options you need.
If you are using the Twitter mobile app, you need to open the overflow menu located to the left of the main feed. You can do this by tapping on the hamburger menu icon in the top-left corner or by swiping right from the left edge of the screen.
From here, everything is the same in both the web app and the mobile app. Click or tap on the “Settings And Privacy” button.
In the Settings menu, select the “Account” option.
Scroll down to the “Data And Permissions” section and click or tap “Apps And Sessions.”
Under the Sessions heading, there will be a list of every device with access to your account. Select “Log Out All Other Sessions” to log all devices out.
In the confirmation panel that opens, click or tap the “Log Out” button.
That’s it; you’re done. Any other device that wants to access your Twitter account will have to log back in.
If you’re concerned that someone has the password who shouldn’t, change your password immediately. If you don’t, they’ll just be able to log straight back in again. We also recommend you turn on multi-factor authentication so that even if someone gets ahold of your password, they still can’t log in without having access to your phone.
Everyone who uses online accounts and surfs the internet is vulnerable to hacking. It can happen when you least expect it. You follow a link or download a file, and all of a sudden, you are locked out of your Twitter account.
Hackers have many different methods of gathering information about a user, breaking their security codes, and taking hold of their private profiles. Keep reading to find out how to tell whether your Twitter account got hacked and what to do if it did.
How to Tell If Your Account Got Hacked
Most hackers like to stay hidden when they hack a Twitter account so they can compromise more accounts further on down the road. We all remember those click-bait messages from a friend inviting you to download a file or click on a link. If you see those, your account could be compromised.
Most of the time, Twitter users find out about weird messages sent from their account from their followers. If you are lucky enough, your online friends will tell you about the problem, so you can get rid of the hacker before the situation gets out of hand. Being hacked may not be that big of a problem for a private profile, but if you’re using a company account, the damage could be massive. That’s why you should take action the moment you get a feeling something is not right.
What to do When Your Account Gets Hacked?
Once you are sure that your Twitter account got hacked, the first thing you should do is reset the user information.
Reset the Account
If your account got hacked and you can’t log in anymore, ask for a password reset. Click on the link in the email you receive, and if you still can’t log in, submit a support request. Select “hacked account” from the available options and enter the email you use for your Twitter account.
Twitter will send you an email with more instructions and information, and you’ll have to provide your username and the time when you last used your account. Twitter will reset the password, and you should be able to log in again right away. Change your password immediately when you log in and secure your email address. You can also change your email address to make sure that your account is safe.
Inform Your Fans About the Situation
Use other social media platforms to tell your followers that your Twitter account got hacked. Explain what happened and tell everyone that you are trying to get the situation resolved. At least some of your followers will know not to reply to messages coming from your hacked profile.
Tell Your Customers the Truth
If you’re using Twitter to conduct business, make sure you tell your customers that your account got hacked and that you are doing everything you can to regain control. That’s important in case they got offensive messages or links from your account.
Be One Step Ahead of the Hackers
You should do everything you can to let people know that your account was hacked the moment you realize it. That way, everyone will ignore the requests and messages they get from your hacked account. They will be able to protect themselves, and you can laugh it off together later on when the situation reverts to normal.
What to Do to Protect Your Twitter Account
The best thing you can do about a hacked Twitter account is to prevent it from happening in the first place. Keep your account safe by using a unique, strong password. Here is how to create a password that’s hard to hack:
Password Creating Tips
- Make your password at least ten characters long.
- Mix upper case and lower case letters, and add some numbers and symbols if possible.
- Use a different password for each website.
- Keep a list of all your passwords in a safe place.
And avoid the following:
- Using birthdays, phone numbers, and other personal information in your passwords.
- Using common words.
- Using keyboard sequences like “qwerty” or “1234abcd” and similar patterns.
- Using the same password on all websites. Make a unique password for your Twitter account.
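The tips above can be turned into a simple policy check. The following is an added example, not code from the original article: it encodes each rule as a test and returns the list of rules a candidate password breaks. The common-word and keyboard-sequence lists are deliberately tiny constructed samples (a real checker would use large dictionaries), and the personal-information check works on strings the caller supplies, such as a name, a birthday or a phone number.

```python
import re

# Constructed, deliberately small lists; a real checker would use large wordlists.
COMMON_WORDS = {"password", "letmein", "welcome", "twitter", "monkey", "dragon"}
KEYBOARD_SEQUENCES = ("qwerty", "asdfgh", "zxcvbn", "1234abcd", "abcd1234", "123456", "abcdef")


def _personal_tokens(personal_info):
    """Derive the fragments of personal data that tend to show up in passwords:
    the item itself, its digits only (a phone number without separators), and
    any four-digit group (a birth year, the last four digits of a phone number)."""
    tokens = set()
    for item in personal_info:
        low = item.lower()
        tokens.add(low)
        digits = re.sub(r"\D", "", low)
        if len(digits) >= 4:
            tokens.add(digits)
        tokens.update(re.findall(r"\d{4}", low))
    return tokens


def check_password(password, personal_info=(), used_elsewhere=()):
    """Return the list of rules from the article that `password` breaks.
    An empty list means the password passes every rule."""
    problems = []
    pw_lower = password.lower()

    if len(password) < 10:
        problems.append("shorter than ten characters")
    if not (any(c.isupper() for c in password) and any(c.islower() for c in password)):
        problems.append("does not mix upper and lower case")
    if not any(c.isdigit() or not c.isalnum() for c in password):
        problems.append("has no numbers or symbols")
    if any(token in pw_lower for token in _personal_tokens(personal_info)):
        problems.append("contains personal information")
    if any(word in pw_lower for word in COMMON_WORDS):
        problems.append("contains a common word")
    if any(seq in pw_lower for seq in KEYBOARD_SEQUENCES):
        problems.append("contains a keyboard sequence")
    if password in used_elsewhere:
        problems.append("reused from another website")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ("qwerty123", "Alice1990!", "Tundra-Lantern-47x"):
        print(candidate, "->", check_password(candidate, personal_info=["Alice", "1990-04-12"]) or "ok")
```

Note that the length, case and symbol rules are checked on the raw password while the content rules are checked case-insensitively, so “QWERTY” is still caught as a keyboard sequence even though it satisfies the upper-case requirement.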
Enable Login Verification
Login verification can significantly increase the safety of your Twitter account. It is a type of two-factor authentication. You will need to enable it in your account settings. You’ll also have to provide a verified email address and phone number.
Log into Twitter Safely
Login verification makes it almost impossible for hackers to take control of your Twitter account. You should also consider improving your password if you want to minimize the chances of getting hacked.
One of the scariest things that can happen in our online lives is to lose control of our email account.
If someone else controls your email account, they can get information about your banking, your bills, and many other facets of your digital life.
A nefarious person can ask for password resets on your other accounts, and those resets are sent to the email account they control.
More details about how account passwords are obtained are in the column. It should be available online around April 4, 2013.
After this break, we’ll discuss how to know if an email account has been hacked, how to get control back, and what to do after you have regained control.
How do you know if your email account has been hijacked?
If your email account refuses to let you in, and you know you entered the correct user name and password, then someone else may have taken over control of your email account.
How do you know if a friend’s email account has been hijacked?
When someone takes over another person’s email account, they often use it to send emails to the account owner’s contacts.
You might receive an email from them asking for money.
Here is one I actually received, supposedly from my friend:
Hi, I really don’t mean to inconvenience you right now but I made a quick trip to the United Kingdom and I lost a bag which contains my passport and credit cards. I know this may sound odd, but it all happened very fast. I’ve been to the embassy here and they’re willing to help me fly without my passport but I just have to pay for my air ticket and settle some bills at the hotel. Right now I’m out of cash plus i can’t access my bank without my credit card over here. I have contacted them but they need more verification. I’m just gonna have to plead with you to lend me some funds right now? I’ll pay back as soon as I get home. I need to get on the next available flight home. I am in a hotel in London now. Please reply as soon as you get this message so I can forward the details as to where to send the funds.
Thanks a lot
Notice the email does not address you by name. It was sent to everyone in their address book, not just to you.
When I received this, I knew the person was not overseas. But you can see how if this is sent to a hundred friends of a hundred people, someone in that group of 10,000 will likely send money.
Had I responded to the email, I’d likely have been given the name of a helpful person at the embassy to send the money via Western Union.
If you receive an email like this, and wonder if maybe it might be valid, respond and ask the person to verify their identity. Ask them something they would know, but not something that might be in one of their emails. For example, asking the person the name of their minister might not be good; there are likely emails to or from the minister in their saved emails.
Instead, ask them where the two of you ate lunch at together last. Something like that.
Most likely though, it will be a con. Ignore it, other than to let it be a flag that your friend’s email has been hacked.
They might send an email with malware attached
One use of a compromised email account is to use it to send out malware.
We are all fairly well educated now not to open files attached from random emails we get. However, we are likely to let our guard down when we receive an email from a friend.
Attachments might install Trojan horses on our PCs that will send the keystrokes we type back to the hacker. These keystrokes might include our passwords to our bank account, and account numbers of credit cards.
There might not be an attachment but instead a link to a website. When we go to that website, malware can be installed by exploiting weaknesses in our web browser.
Often these emails are short, and not specific.
They’ll have subjects like “This is hilarious”, and just a link in the body.
Or they will use sex to entice you. The subject might say “Have you seen this hot video?” and then the body of the message contains just a link.
Be dubious of any message that does not address you by name, and is about a general topic; not something you normally interact with that person about.
Your friend’s account might be compromised. Now what?
Well, obviously you cannot email them.
And you really cannot rely on sending them a message on Facebook or chat. Once someone has access to an email account, they can ask other services like Facebook for password resets, thus gaining control of those accounts too.
And if this began with the person losing their phone, then even text messaging is dubious.
The best thing is to let them know in person. Or by phone, if you are sure you’ll recognize their voice.
How to regain control of your hijacked account.
- Have you forgotten your username?
- Have you forgotten your password?
Or, and this varies, has your account been compromised?
Scammers managed to make off with more than $430,000 in Ethereum (ETH) and NFTs after hacking the Twitter account of American digital artist Mike Winkelmann, better known as “Beeple,” early Sunday morning.
MetaMask security analyst Harry Denley first alerted users of the scheme, which used two phishing domain links for malicious campaigns targeting Beeple’s more than 670,000 followers.
$430,000 Stolen Via Two Phishing Links
Cybercrooks capitalized on the NFT artist’s recent digital art collaboration with luxury fashion juggernaut Louis Vuitton by creating a phishing link disguised as a legitimate raffle on Beeple’s Twitter account. Winkelmann had crafted 30 NFTs for Louis Vuitton’s “Louis The Game” mobile game, which were meant to be rewarded to players.
Scammers saw the opportunity and posted a fake raffle entry costing 1 ETH per person on Beeple’s hijacked Twitter account. The money would allegedly be refunded if the user did not win the raffle. “Been working on this with LV for a long time behind the scenes. 1000 total unique pieces,” the scammers tweeted via Beeple’s account. “Official Raffle Below. 1 ETH = 1 Raffle Entry.”
Once a follower clicked the link, they were taken to a fraudulent domain designed to siphon cryptocurrency from users’ wallets. According to Denley, the phishing links led to a “721” contract with a “mint()” function, which is designed to immediately withdraw funds.
Soon after this was posted, Denley and several of Beeple’s followers reacted by warning others that this was an ATO (Account Take Over). “Beeple’s Twitter account has been compromised (ATO) to post a phishing website to steal funds,” Denley tweeted. The Louis Vuitton scam resulted in the theft of about $72,000 in ETH.
Second phishing link nets $365,000
While the first link scooped up ETH coin-by-coin, a second more sophisticated phishing link was tweeted that prompted users to send ETH to an external account. While the details of the second link aren’t all known, the tweet claimed to be selling 200 unique, limited edition NFTs from Beeple’s “Spring/Summer Collection 2021.”
According to Denley, this scheme targeted users with the “setApprovalForAll()” function via a malicious Discord server, netting scammers about $365,000. The “setApprovalForAll()” function is especially dangerous because if a user is tricked into signing it, it can allow anyone to control NFT transfers.
Scammers then sold stolen NFTs on the OpenSea platform and deposited stolen ETH into a crypto mixer in an attempt to launder the gains.
Beeple Regained Control
Security researchers are still investigating the full extent of the case, and there are no further details yet about how exactly Winkelmann’s account was hijacked. “ugh well that was a fun way to wake up,” Winkelmann tweeted once he regained control of his account. “Twitter was hacked but we have control now.”
Beeple also reminded users to be wary of online crooks. “Stay safe out there, anything too good to be true IS A [expletive] SCAM,” Beeple tweeted.
One of Beeple’s followers known as Zeneca.eth — founder of NFT and Web3 space “@ZenAcademy” — underlined the importance of not clicking on links or connecting a wallet to a website without verifying through multiple sources first.
In a response to Zeneca, the founder of internet company “@unmetaverse” MILK disclosed five tips on how to avoid NFT and cryptocurrency scams, such as closing DMs properly, not clicking on public links, and avoiding the use of hot wallets.
Several of Beeple’s followers fell victim to the scam, and some are placing the blame on Beeple himself. “Ok and now what? How you compensate your followers man? I Lost a NFT on your scammed Twitter page that cost 5 ETH floor,” user @DrZundapp_ wrote, adding that he might take Beeple to court.
Beeple did not respond to the scrutiny directly, but thanked the CEO of Vayner Media Gary Vaynerchuk for helping him regain control of his account. Later in the day, Beeple posted an NFT entitled GIFT GOAT to all of his followers, possibly a way of showing appreciation, user @cryptony8055 remarked.
Mike Winkelmann is considered to be a trailblazer in the NFT realm. In 2021, he sold one of his digital artworks to Christie’s — one of the world’s most renowned auction houses — for $69.3 million.
A milestone in the sale of digital art, the NFT is a unique digital latticework comprising 5,000 digital images that took Winkelmann 13 years to craft. The artwork now heralds groundbreaking opportunities for the London-based auction house and has effectively immortalized the NFT sector.
Socially engineered scams can be a nightmare, and this isn’t the first time hackers have used Twitter to steal cryptocurrency. To protect your assets and avoid the ever-growing threat of digital theft, make sure to check out our guides on cryptocurrency and NFT scams.
Followers of popular technology weblog Gizmodo have been faced with some very offensive tweets coming from the site’s Twitter account on Friday.
Many have accurately surmised that the account has been hijacked, and Gizmodo immediately started an investigation into how it happened.
First, they believed that former employee Mat Honan was responsible for the tweets, as the messages seemed to be coming from his Twitter account, which was linked with Gizmodo’s.
And they were partially right: the tweets were coming from there, but they were not written by Honan. As it turns out, his Twitter account had also been compromised by the same attackers.
They call themselves “Clan VV3” and have, in the past, hijacked a number of high-profile Twitter and YouTube accounts.
Gizmodo, fortunately, managed to regain control of its own Twitter account very quickly and has already deleted the offending messages, but Honan hasn’t been so lucky: his Twitter account was suspended for much longer, his Gmail account was deleted, and his iPhone, iPad and MacBook were wiped clean.
As it turns out, the hackers managed to get access to his iCloud account and from there to his Gmail and Twitter accounts. He initially thought that the hackers managed to brute-force their way into iCloud, but has since discovered that wasn’t the case.
“Confirmed with both the hacker and Apple. It wasn’t password related. They got in via Apple tech support and some clever social engineering that let them bypass security questions. Apple has my Macbook and is trying to recover the data. I’m back in all my accounts that I know I was locked out of,” he wrote on his blog.
While he obviously couldn’t have prevented the iCloud compromise, he admits that the Google account is another matter: he hadn’t set up two-factor authentication, which would have prevented it from being breached and likely prevented the compromise of his Twitter account and that of Gizmodo.
It’s very embarrassing for someone to gain access to your account and begin asking your Facebook friends for airtime (recharge cards); something far beneath you. The rate at which people’s Facebook accounts get hacked or hijacked is on the rise, and in many cases the owners are at fault. I’ve been receiving emails from members asking how to regain control of their compromised Facebook accounts, so I thought I’d put together this brief guide.
How did my Facebook account get hacked?
The most likely way your account got hacked is phishing. Phishing is when you receive an SMS or email from a malicious source (claiming to be Facebook) providing a URL which, when clicked, prompts you to supply your Facebook credentials. Using the same password for multiple online accounts could be another cause.
How do I know that my Facebook account has been hacked?
You would usually be unable to login to your account using your previous credentials or begin seeing strange messages / posts by your account.
How do I regain access to my Facebook account?
- The first thing you should do is change the password to your email account
- If you notice strange wall posts by your account, it’s probably some app you granted access to your Facebook account. Navigate to Settings > Apps and delete any strange app, website or plugin on the list
- If a hacker has locked you out of your account, try using the Forgot password link on the login page to regain access.
- If the password reset code feature gets temporarily disabled because you and the hacker have been in a tug of war, you should now see a link prompting you to temporarily lock your account if you think it has been hacked. You will, however, need to answer your security question correctly to proceed with account recovery
I regained access to my Facebook account but it got hacked again shortly after. How did this happen?
One technique a hacker could use to re-hijack your Facebook account is to have added his or her email address under General Account Settings > Account after the first hack. This way, the hacker can initiate a valid password reset using his or her email address, which is already in your account recovery options. Once you regain access, look out for any strange email address or phone number in your account recovery settings and delete it. Also ensure you change your email account’s password.
If you’re still having trouble regaining access to your hacked Facebook account then post a comment and Team Hovatek will gladly help out.
Surely my friends were aware my Instagram account was taken over by someone else when they started to receive messages to invest in cryptocurrency.
More and more, I’ve seen accounts fall victim to these crypto scammers who try to lure users’ followers into their cyber scheme.
But never did I think my account would fall victim to them as well.
When attempting to use the Instagram app on March 4, 2022, I was locked out of my account with my password, email, phone number and username all changed.
I immediately tried not to panic, thinking that Instagram was a well-established company with a framework to help users recover their accounts.
But this is not entirely the case.
The platform, with over 2 billion monthly users, has no customer service support team to help users with any difficulties. Instead, it provides a limited help center with short answers to frequently asked questions.
After experiencing the many frustrations of not being able to log back in, I finally regained access back into my account, so here is my experience with how I recovered my Instagram account in less than 36 hours.
Using the FAQ page
Firstly, I went to the FAQ page that offers a few steps to take if you suspect your account is hacked. The first option is to send a login link to either your email address or phone number. This step immediately worked, and I received a login link. However, as soon as I logged back into my account and changed my password, I was locked out once again as the hacker still had access. I attempted to receive another login link but had no success. The hacker changed all of my contact information, so any request for a link would go to them rather than me.
The FAQ page’s next option is to request a code sent to your email or phone number. Once again, since my account was no longer linked to any of my contact methods, this was unhelpful.
The third option was to use a two-factor authentication code from a third-party app. Since I hadn’t set this authentication up, and my hacker had already decided to set it up with their information, this didn’t help either.
The selfie video
The final, last-ditch effort offered by Instagram is sending them a video selfie along with a secure email address that they can contact you with. Similar to setting up a Face ID on an iPhone, I had to show different angles of my head to confirm I was a real person and the account belonged to me. According to Instagram, the company doesn’t use facial recognition but instead has humans review the video selfies to authorize access to accounts.
It is worth noting that this technology was super glitchy. The first few times I tried to follow the on-screen instructions, my phone froze and didn’t accept my submission. Also, this method only works if you have photos on your account to verify your video with.
After submitting a couple of videos, I received emails from Instagram saying they could not recognize my face. The great thing about this method is that you can submit as many videos as you please for them to review. It took around 12 video selfies in about 24 hours for them to finally verify my account. I then received an email containing a link to change my password and regained full access to my account.
One thing that set me back significantly and would have allowed me to regain access to my account much sooner was Instagram restricting my attempts to log in to my account. When I tried to log in with the phone number I set the account up with, I was given a “Please wait a few minutes before you try again” message. Unfortunately, this message didn’t go away even after a few minutes. It was only after 24 hours that I was allowed to try again and submit another request for a selfie video.
How to avoid getting hacked
Getting hacked is in no one’s best interest, but sometimes things happen out of our control. The best way to avoid getting hacked is by setting a strong password and setting up two-factor authentication. Having two-factor authentication set up allows you to use an authentication app or receive an SMS code so that you bypass all of the other methods that may have been compromised.
Also, make sure to check the “Accounts Centre” tab in your Instagram app’s settings and remove any linked accounts that you don’t recognize. This will help to make sure only you have access to your account, and no one else has gained access without you knowing.
Someone has logged into your Twitter account, and that someone isn’t you. It’s probably a spammer hoping to flood your followers with junk, or maybe a “hacker” (in a very loose sense) who is being paid to follow other accounts. It’s just possible that they are deliberately targeting you and hoping to make you look bad. Whatever the case, you want to kick them off your account on the double. Here’s how.
Step One: Keep an Eye on Your Email
Twitter is no stranger to hijacking attempts, so the company has a few internal triggers to detect unusual behavior. One of them is an email notification for any new login via the web or a Twitter app. It will look something like this:
Now, since I live in Texas and don’t own an iPhone, the odds are pretty good that whoever logged in from Kolkata via the Twitter iPhone app isn’t me. It’s time to do a little basic security.
Of course, this step (and changing your password) won’t help if someone has also gained access to your email account. But if that’s the case, you have bigger worries than Twitter.
Step Two: Change Your Password
This step should be obvious. Before you do anything else, change your password. Open the Twitter website from a desktop or laptop browser. (You can do it from your phone too; it’s just a bit cumbersome: open Twitter.com in “desktop” view and zoom in.)
Click the profile icon in the upper-right corner, then click “Settings and privacy” in the drop-down menu. In the left-hand column, click “Password”.
Enter your current password in the first field and your new password in the second and third fields. If you need some pointers on a more secure password (and you just might, since your account was just hijacked), check out this How-To Geek guide on the subject.
Step Three: Revoke Access for Existing Sessions
Unfortunately, changing your password does not automatically log out apps and browsers that are already signed in, even though they are now using outdated credentials.
In the Settings and privacy menu, click the link at the bottom of the left-hand column. You will need to re-enter your password and then click “Confirm”.
This page shows all of your personal data and your login history. Scroll down to the middle of the page, to the section labeled “Login history”. Click the link “See your 45 most recent logins”.
In this view you can see the last 45 times a Twitter app or website used your saved credentials to access the service. (Each one is not necessarily a full “login” with a username and password, since most apps store those details.) In my case I can clearly see two logins from our mysterious iPhone user in India on September 6 and again on September 9. Note the “Twitter for iPhone” entry: that is what we want to know.
In the left-hand column, click “Apps”. This opens a list of all the websites and apps you have authorized to access your Twitter account and data. In this case, of course, it wasn’t you who authorized the access.
Find the app or service you identified as the intruder’s point of entry on the “last 45 logins” page and click “Revoke access”. In my case it’s the “Twitter for iPhone” app. Don’t worry if it also happens to be one of the apps you use yourself; you will simply have to log in again from your own device, this time with your newer, tougher password.
Step Four: Clean Up Your Account
Now it’s time to undo whatever the intruder managed to do while they had access to your account. Check the following items for anything you don’t remember doing:
- New tweets and replies
- New “Moments”
- Direct messages
- Favorites and …
Newly followed accounts and direct-message spam are probably the most common additions to your account, since they are the most effective means of shady advertising and paid follows. Once you’ve scrubbed those tweets away like a mom scrubbing a fake “tattoo” off an arm with dish soap, your account should be back to normal.
To keep this from happening again, you may want to add two-factor authentication to your Twitter account, among other security measures. Check out this guide for help on the subject.
Image credit: NeONBRAND
As one of the leading digital marketing companies, we do handle the Twitter accounts for several clients. In most scenarios, the clients will have a Twitter account and they will hand over the login credentials to us so that we can manage their account, share new posts regularly and announce company news to the audience.
We have come across many scenarios where the client has a Twitter account but has forgotten the username and password. Or they have lost access to the account itself and do not know the email address used when creating it. This can happen for many reasons. One of the most common reasons for losing access to a Twitter account is that the social media manager or agency handling the account has changed, or the company is no longer on speaking terms with the previous agency. In the UAE, you have the legal right to demand the credentials from the previous social media agency, provided the Twitter account was created by the agency for your company and you paid for such services.
There is also a chance that the previous social media agency no longer remembers the login credentials, or that you don’t even know who created the Twitter account and what email address was used when creating it.
In this article, I will explain how to recover a Twitter account if you no longer have access to the email id used for the Twitter account.
Try possible passwords
As the first step, try logging into your Twitter account using the credentials you can think of. Try all the passwords you use for your other social accounts. If the username and password combination is not correct, Twitter will show the message “The username and password you entered did not match our records. Please double-check and try again.”
Once you confirm that the passwords you have don’t work, you can start the standard password recovery process.
Recover your Twitter password using email, phone or username
The first step is to try recovering your password by entering the username, email address or phone number. Go to the password recovery page on Twitter.
Try with the username first. If you enter a valid username, Twitter will prompt you to enter the email address associated with your account. If you provide the valid email, you will get a password reset link by email and you can proceed. Alternatively, you can try using the email address or phone number to recover the password.
If the email you tried doesn’t work, try other possible email ids including the official email address of the person who was handling your Twitter account in the past. Try your luck with all possible email addresses.
If none of them works, the next option is to try possible phone numbers. You can receive a code on the phone and use that to recover the Twitter account.
“We found more than one account with that phone number”
When you try to recover your Twitter account using the phone number, you may get this message:
“We found more than one account with that phone number”
Unfortunately, if you have used the same phone number for more than one Twitter account, you will not be able to recover the account using the phone number. In such cases, you will have to try the last option mentioned below.
How to recover the Twitter account if you don’t have access to the email address and phone number used in the account
If you have an old Twitter account but no access to the email address or phone number used on it, the standard password recovery options will not work. In this case, your options are limited. This was exactly the situation with our client. Their Twitter account had been created several years earlier by one of their social media staff, using his personal email address, and the client wasn’t able to figure out which email address was used or who had created it.
So, if you are in a similar situation, here is how you go about it.
First, check if you can find your account using your Twitter username by visiting this page.
If the username you specified matches a valid Twitter account, you will be presented with an option to submit a support request to Twitter. Provide your email id and also a small description explaining your situation. If the account you are trying to access belongs to a business, then use your official business email address, which will make the process easier.
As soon as you submit the above request, you will receive an auto-response email. Since the email address you provided doesn’t match the one on your Twitter account, the response you receive will look something like this:
“The email address used to file this request does not match the email on the account you mentioned”
The email suggests that you use the Twitter app on your mobile to update the email address on your profile and recover your account. But if you don’t have the Twitter account configured on your mobile, then that option is not going to work for you either.
If your Twitter account represents a company or a registered business, you are lucky. You can reply to the autoresponse email and explain your situation. However, be aware that you will be able to follow that route only if the Twitter account represents a business account and you are using a business email address to recover it.
Remember to write a convincing email as a reply to the autoresponse. Here is a sample format we used for our client:
Dear Twitter Team,
Thank you for the quick response to our email regarding the official Twitter account of our business “ ”.
I am , brand manager at , and am authorised to represent the company on the issue regarding the recovery of the official Twitter account ( ) of the company.
is a registered company in ( ) with its head office at the following address:
Our Twitter account was created a while ago by our previous social media manager as our official account for the company. The social media team which worked behind our social media initiatives have changed. We do not have access to the Twitter account any longer and do not have the options to recover using the default recovery mechanism provided by Twitter since we do not have access to the email and phone number used for creating the account.
I request you to change the email address for the Twitter account to so that we can recover the account and start using it as our official Twitter account.
I hereby confirm that all the information provided above is true and accurate to the best of our knowledge.
If you have any questions, kindly contact us at
Once you send the email, relax and wait for email updates from Twitter. In one or two business days, Twitter will get back to you with an update on your Twitter account. In our case, they updated our client’s Twitter account with the new email address we provided, and we were able to recover the account using the standard account recovery process. Thanks to the Twitter team.
by Cameron Syme
An NHS executive was scammed while trying to regain control of her hacked Twitter account. Of all people, PlayStation 5 resellers were to blame.
Helen Bevan, a veteran executive of Britain’s National Health Service (NHS), had her Twitter account hijacked by PlayStation 5 resellers. The cyber thieves took control of her Twitter as well as her cat’s account, in total gaining 133k followers.
The hackers proceeded to delete all of Bevan’s prior tweets and gave the accounts a facelift, making them look like a buy-and-sell marketplace for the elusive next-gen console. Prices for the PlayStation 5s started at £320 (AUD$575).
Screenshot via BBC News
The hacking took place 24 hours before Bevan was set to lead an online event where Twitter would house most of the discussion.
Bevan quickly realised she had lost control of her social media account and immediately contacted her friends and Twitter support. As expected, Twitter support wasn’t as quick to fix the situation as Bevan had hoped. Messages of support and offers of help poured into her associates’ DMs. One message said she could have her account back in 25 minutes for a fee of £110 (AUD$200).
With her back against the wall and desperation setting in, she trusted the stranger. Bevan paid the mysterious helper to remove the PlayStation 5 resellers from her account; however, things did not go as smoothly as she had hoped. Bevan told the BBC the following:
“I don’t think he did anything, he kept sending me films of computer files whirring, saying this is me doing your work.”
“Then he said he had got it back, but Twitter had changed the verification and he needed an extra $100, then he wanted a service charge… they prey on desperate people.”
Eventually, Twitter came to the rescue and booted the hackers out of her account. Bevan attributes her mishaps to her own mistakes, stating that she should have had two-factor authentication (2FA) enabled.
At this time it is unknown how many people the PlayStation 5 bandits were able to scam from Bevan’s account. She is apparently still receiving messages today, asking her where their PS5 is. Not with her, that’s for sure.
Posted on January 30th, 2013 by Lysa Myers
It’s an event that we’ve probably all dealt with at one point or another, either on the sender’s or the receiver’s end: an email that clearly didn’t come from the person who supposedly sent it, hawking weight-loss supplements or “male enhancement” pills or some such nonsense. What causes these, and what can you do about it? The short answer is, it’s one of two things:
Either your account was hacked, typically through poor password hygiene, or your account has been spoofed, in which case someone has merely made it appear as if it was hacked.
A spam email one of Intego’s employees received from her friend just this morning.
There are a number of reasons that can explain how your account got hacked:
- Your password was easily guessable
- You entered your credentials into a phishing site
- The website where you had your account had a security breach
- Your hacked account used the same password as a different, breached site
- There is spyware on your computer
You can tell if your account has been hacked if:
- The recipients of the spam email include a bunch of people you know
- You try to access your account and the password no longer works
- You try to access the “Forgot Password” link and it does not go to the expected email
- Your Sent Items folder contains a bunch of spammy emails you’re not aware of sending
(I’m assuming, of course, that you didn’t have a brain-spasm and temporarily misremember your account, or you didn’t have way too many drinks on Friday night before drunk-emailing your friends.)
If your account was in fact hacked, there are a few things you’ll need to do:
- You need to change your password on the hacked site
- You need to change your password on any other sites where you used the same username and password
- You need to change your password on any sites whose information you stored in the hacked account
- If you determine that you have been affected by spyware, once it’s removed, you will need to change all your passwords for all your online accounts and follow procedures for recovering from identity theft
- If you cannot follow any of these steps because your account details have been changed, you will need to contact support for the website that provides your account so that you can regain control
There are two main ways to see if your account was spoofed:
- Get a copy of the email, including headers, and check the originating IP address to see whether it is one you could not have been using
- If you’re receiving bounce messages from a bunch of email addresses for people you’ve never heard of
If your account was spoofed, the spammer simply created an email with fake details (usually the “From” or “Reply-To” address), and there is very little you can do to stop it. What you can do is likely to be ineffective. In short, you’ll need to do the following:
- Take the IP address from the email header
- Contact the ISP for that address
- Ask them to block it
However, the spammer could be using a different IP address the next day, and the ISP could either ignore or deny your request (especially if the ISP is a shady one).
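The two spoofing checks described above (find the originating IP in the headers, and notice that the message did not really come from the claimed sender) can be automated on a saved copy of the message. The following is an added example, not code from the original article or from Intego; the message it parses is constructed for the example, and its public-looking addresses are RFC 5737 documentation ranges, which is why the code lists internal networks explicitly instead of relying on `ipaddress`'s `is_global`.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr
from typing import Optional

# Constructed sample message (not a real capture). It claims to be from Alice, but the
# envelope sender and the earliest Received hop point at an unrelated bulk-mail relay.
SAMPLE_RAW = """\
Return-Path: <bounce-4417@bulkmailer.example.net>
Received: from mx.yourmail.example (mx.yourmail.example [192.0.2.10])
\tby inbox.yourmail.example with ESMTP id abc123
\tfor <bob@yourmail.example>; Fri, 25 Jan 2013 09:14:02 -0800
Received: from relay.bulkmailer.example.net (relay.bulkmailer.example.net [198.51.100.77])
\tby mx.yourmail.example with ESMTP id def456;
\tFri, 25 Jan 2013 09:14:01 -0800
Received: from [10.0.0.23] (unknown [203.0.113.45])
\tby relay.bulkmailer.example.net with ESMTPA id ghi789;
\tFri, 25 Jan 2013 09:13:58 -0800
From: Alice <alice@friendmail.example>
To: bob@yourmail.example
Subject: you have to try this!!

Click here for amazing weight-loss results
"""

# Only RFC 1918, loopback and link-local space count as "internal" here; anything else is
# treated as a candidate originating address.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                  "127.0.0.0/8", "169.254.0.0/16")]
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def originating_ip(raw: str) -> Optional[str]:
    """Walk the Received chain from the earliest hop upward; return the first non-internal IP."""
    msg = message_from_string(raw)
    # Every relay prepends its own Received header, so the last one is the first hop.
    for hop in reversed(msg.get_all("Received", [])):
        for candidate in IPV4.findall(hop):
            try:
                ip = ipaddress.ip_address(candidate)
            except ValueError:          # e.g. "999.1.1.1" matches the regex but is not an IP
                continue
            if not any(ip in net for net in INTERNAL_NETS):
                return str(ip)
    return None


def _domain(msg, header: str) -> Optional[str]:
    addr = parseaddr(msg.get(header, ""))[1]
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else None


def spoof_indicators(raw: str) -> dict:
    """Originating IP plus envelope (Return-Path) vs. From domain comparison.
    A mismatch is a flag, not proof: mailing lists and forwarders produce it legitimately."""
    msg = message_from_string(raw)
    from_dom = _domain(msg, "From")
    rp_dom = _domain(msg, "Return-Path")
    return {
        "originating_ip": originating_ip(raw),
        "from_domain": from_dom,
        "return_path_domain": rp_dom,
        "envelope_mismatch": from_dom != rp_dom,
    }


if __name__ == "__main__":
    print(spoof_indicators(SAMPLE_RAW))
```

Only the Received header added by your own provider's server is trustworthy; a spammer can prepend fake Received lines below it, so read the chain from the top down until you reach the first hop that your provider itself recorded, and treat everything underneath with suspicion.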
This is one of those cases that reminds us computer security is not just about protecting your machine from malware. There is a lot of data on your machine that is valuable to hackers, and attackers don’t necessarily have to go to the trouble of creating malware to get it from you. But the good news is, it can also be fairly easy to protect yourself by making a few simple improvements. Stay tuned – in a future article, we’ll talk about more ways you can protect yourself against common computer security hassles.
Celebrity accountholders weren’t the only targets. Late hacker Adrian Lamo was, too.
Dan Goodin – Jul 16, 2020 5:48 am UTC
Twitter lost control of its internal systems to attackers who hijacked almost a dozen high-profile accounts, in a breach that raises serious concerns about the security of a platform that’s growing increasingly influential.
In a tweet issued about seven hours after the mass takeover spree began, Twitter officials said the attackers appeared to take control by tricking or otherwise convincing employees to hand over credentials.
“We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools,” the tweet said. “We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.”
Once Twitter learned of the takeovers, company personnel locked down the accounts and removed the tweets. Twitter’s tweet thread didn’t explain why Musk’s account posted fraudulent tweets after previous ones had been deleted.
Bad for national security, too
The compromise raises serious national security concerns because of the potential it had to sow panic and chaos. With control of virtually every Twitter account, the attackers could have hijacked those belonging to President Trump or government agencies and done much worse than replay a cryptocurrency scam that has been going on for years. Twitter eventually contained the mass compromise but only after a flood of scam messages steadily flowed out of the social media site over several hours.
It’s not the first time Twitter has suffered a serious breach of this sort. In 2010, the company settled Federal Trade Commission charges for lapses that allowed hackers to obtain unauthorized administrative control of internal systems. The breach, the FTC said, gave the attackers access to user data and private tweets and the ability to make phony tweets from any account including those belonging to then-President-elect Barack Obama and Fox News.
Just hours after Wednesday’s breach came to light, US Senator Josh Hawley sent a letter to Twitter CEO Jack Dorsey asking that he contact the FBI to make sure the site is secure.
“I am concerned that this event may represent not merely a coordinated set of separate hacking incidents but rather a successful attack on the security of Twitter itself,” Hawley wrote. “As you know, millions of your users rely on your service not just to tweet publicly but also to communicate privately through your direct message service. A successful attack on your system’s servers represents a threat to all of your users’ privacy and data security.”
An article posted by Motherboard, citing unnamed hackers and corroborating screenshots, said the attackers gained access by paying a Twitter insider. The post went on to show a panel controlling the account of Binance, a cryptocurrency exchange whose Twitter persona was hijacked.
Other images that circulated widely purported to be screenshots of Twitter’s administrative tools. While the screenshots haven’t been confirmed, Twitter repeatedly took two of them down and terminated the account of the person who initially posted them. Hackers and security people said they considered them plausible. The two initial screenshots appear below:
Adrian Lamo’s coveted Twitter handle targeted, too
Besides those of celebrities, business leaders, and politicians, the Twitter account of Adrian Lamo—a hacker known for high-profile exploits and for turning in Chelsea Manning and who died in 2018—was also compromised on Wednesday under similar circumstances.
Fellow hacker and friend Lucky225, who has had control of the account since Lamo’s death (with the blessing of his father), said Twitter sent him a password reset confirmation code for the account at 10:23am California time, about 90 minutes before the first public signs of a breach. Despite not entering the code, Lucky225 (his legal name, he says) then received an app notification warning him a new device had logged in to the Lamo account for the first time.
In a stroke of luck, Lucky225 said he was able to regain control of the account because, while the hackers had changed the email address associated with the account, they had failed to change the phone number. Lucky225 said he used the phone number to regain control. Then, in a strange and currently unexplained twist, Lamo’s friend said that at 8:30pm he discovered the account had again been hijacked—or at least partially so—when Twitter emailed him again to say two-factor authentication had just been turned off.
“What’s weird.. the password (which was just randomly generated in PW manager today when I recovered the account earlier) still works,” Lucky225 told me in a text message that dropped and abbreviated some words. “But when I use it to login it says account’s locked. And then wants me to change my pw to continue but won’t actually let me do that since email was apparently changed.”
He said it’s possible that Twitter is behind the second takeover because company employees mistakenly believed the account was still compromised. Another possibility is that hackers somehow managed to force their way back in by exploiting a vulnerability in several third-party apps that, through the OAuth protocol, had permission to access the Lamo account.
Lucky225 said he suspects attackers targeted Lamo’s account for its handle—@6—which, at a single character, is highly coveted by many hackers. He’s not sure if the same hackers were responsible for the hijackings of both the Lamo and celebrity accounts, but he said the ability to twice bypass 2FA and password controls suggests whoever is behind the Lamo account takeover had control of internal Twitter systems.
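The sequence Lucky225 describes (a reset code that was never redeemed, then a first-time login from a new device, a recovery email change, and 2FA turned off hours later) is the kind of pattern account-security telemetry can flag. The Python below is an added example, not code from the article or from Twitter: it runs three such rules over a constructed event log modelled on that timeline, and the event names, timestamps and time windows are assumptions.

```python
"""Flag account-takeover indicators in an account security event log.

Added example (not from the article, not Twitter's code). The event kinds,
timestamps and time windows are assumptions; the sample log is constructed
to mirror the @6 timeline described above.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass(order=True)
class Event:
    ts: datetime
    kind: str            # e.g. reset_code_sent, new_device_login, 2fa_disabled
    detail: str = field(default="", compare=False)


# Constructed sample log mirroring the @6 story (times illustrative).
SUSPECT_LOG = [
    Event(datetime(2020, 7, 15, 10, 23), "reset_code_sent", "code delivered to owner's phone"),
    Event(datetime(2020, 7, 15, 10, 40), "new_device_login", "first login from this device"),
    Event(datetime(2020, 7, 15, 10, 45), "email_changed", "recovery address replaced"),
    Event(datetime(2020, 7, 15, 20, 30), "2fa_disabled", "no recent session on file"),
]

# Constructed log of an owner-initiated reset, for comparison: the code is
# redeemed before the new session, and 2FA is changed inside that session.
LEGIT_LOG = [
    Event(datetime(2020, 7, 15, 9, 0), "reset_code_sent"),
    Event(datetime(2020, 7, 15, 9, 4), "reset_code_redeemed"),
    Event(datetime(2020, 7, 15, 9, 5), "new_device_login"),
    Event(datetime(2020, 7, 15, 9, 20), "2fa_disabled"),
]

RESET_WINDOW = timedelta(hours=1)       # reset code -> login correlation window
LOCKOUT_WINDOW = timedelta(minutes=30)  # login -> recovery-contact change window
SESSION_WINDOW = timedelta(hours=1)     # how recent a session must be for a 2FA change


def unredeemed_reset_then_login(events, window=RESET_WINDOW):
    """Rule 1: a reset code was issued but never redeemed, yet a new device
    logged in within the window. A normal reset redeems the code first."""
    hits = []
    for i, e in enumerate(events):
        if e.kind != "reset_code_sent":
            continue
        later = [x for x in events[i + 1:] if x.ts - e.ts <= window]
        redeemed = any(x.kind == "reset_code_redeemed" for x in later)
        login = next((x for x in later if x.kind == "new_device_login"), None)
        if login is not None and not redeemed:
            hits.append(login.ts)
    return hits


def recovery_changed_after_new_device(events, window=LOCKOUT_WINDOW):
    """Rule 2: a new-device login quickly followed by a recovery email change,
    the usual step for locking the real owner out."""
    hits = []
    for i, e in enumerate(events):
        if e.kind != "new_device_login":
            continue
        for x in events[i + 1:]:
            if x.ts - e.ts > window:
                break
            if x.kind == "email_changed":
                hits.append(x.ts)
                break
    return hits


def twofa_disabled_without_session(events, window=SESSION_WINDOW):
    """Rule 3: 2FA turned off with no login or redeemed reset in the preceding
    window; the user-facing flow normally needs an authenticated session."""
    session_kinds = {"new_device_login", "known_device_login", "reset_code_redeemed"}
    hits = []
    for i, e in enumerate(events):
        if e.kind != "2fa_disabled":
            continue
        recent = [x for x in events[:i] if e.ts - x.ts <= window]
        if not any(x.kind in session_kinds for x in recent):
            hits.append(e.ts)
    return hits


def find_takeover_indicators(log):
    """Run all rules over a log; returns {rule_name: ["HH:MM", ...]}."""
    events = sorted(log)
    rules = {
        "unredeemed_reset_then_login": unredeemed_reset_then_login,
        "recovery_changed_after_new_device": recovery_changed_after_new_device,
        "twofa_disabled_without_session": twofa_disabled_without_session,
    }
    return {name: [t.strftime("%H:%M") for t in rule(events)] for name, rule in rules.items()}


if __name__ == "__main__":
    for name, log in ("suspect", SUSPECT_LOG), ("legit", LEGIT_LOG):
        print(name, find_takeover_indicators(log))
```

Each rule fires on the constructed suspect log and stays silent on the owner-initiated one; in practice the windows would be tuned to the service's real reset and session behaviour.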
A Twitter spokeswoman said the company had nothing to add beyond the information in the tweet thread.
Twitter account holders should follow the usual security guidance to lock down accounts. The advice includes using a strong password (unique to the account and randomly generated, using either dice words or a mix of letters, numbers, and special characters), enabling 2FA, and turning on Twitter’s password reset protection, which requires users to provide additional information before a passphrase can be changed. Given that those measures were bypassed on Wednesday, they may not be enough.
SIM swapping is everywhere — and Twitter clearly isn’t ready for it
The frighteningly simple technique that hijacked Jack Dorsey’s Twitter account
Friday afternoon, Jack Dorsey’s 4.2 million Twitter followers got an unpleasant surprise. A group of vandals had gained access to the account, and used that access to blast out a stream of offensive messages and plugs for their group’s Discord channel. Within 15 minutes, the account was back under control and the group was banned from Discord, but the incident was a reminder of the serious vulnerabilities in even the highest-profile accounts, and just how insecure phone-based authentication has become.
The hackers got in through Twitter’s text-to-tweet service, operated by the acquired service Cloudhopper. Using Cloudhopper, Twitter users can post tweets by texting messages to a shortcode number, usually 40404. It’s a useful trick for basic phones or if you just don’t have access to the Twitter app. The system only requires linking your phone number to your Twitter account, which most users already do for separate security reasons. As a result, control of your phone number is usually enough to post tweets to your account, and most users have no idea.
As it turns out, getting control of Dorsey’s phone number wasn’t as hard as you might think. According to a Twitter statement, a “security oversight” by the provider let the hackers gain control. In general terms, this kind of attack is called SIM hacking — essentially convincing a carrier to assign Dorsey’s number to a new phone that the attackers controlled. It’s not a new technique, although it’s more often used to steal Bitcoin or high-value Instagram handles. Often, it’s as simple as plugging in a leaked password. You can protect yourself by adding a PIN code to your carrier account or registering web accounts like Twitter through dummy phone numbers, but those techniques can be too much to ask of the average user. As a result, SIM swapping has become one of online troublemakers’ favorite techniques — and as we found out today, it works more often than you’d think.
Chuckling Squad, the crew that took over Dorsey’s account, has been playing this trick for years. Their most prominent attacks up to this point have been against a string of online influencers; as many as ten different figures were targeted before Dorsey. They seem to have a particular trick with AT&T, which is also Dorsey’s carrier, although it’s unclear exactly how they gained control. (AT&T did not respond to a request for comment.)
The history of this kind of hack is much older than Chuckling Squad or even SIM swapping. Any system that makes it easier for a user to tweet will also make it easier for a hacker to take control of the account. In 2016, Dorsey was targeted by a similar attack that took advantage of authorized third-party plugins, which have often been abandoned but still retain the permission to send tweets to the account. That technique has grown less prominent as SIM swapping techniques have become more broadly understood, but the basic goals of drive-by vandalism have remained largely unchanged.
Still, the incident is embarrassing for Twitter, and not simply because of the immediate scramble to regain control of the CEO’s account. The security world has known about SIM swapping attacks for years, and Dorsey’s account had been vandalized before. The simple failure to secure control of the CEO’s account is a significant failure for the company, with implications far beyond a few minutes of chaos. Hopefully, Twitter will learn from the incident and prioritize stronger security — maybe even shifting Twitter verification away from SMS — but given the company’s track record, I doubt many people are holding their breath.
Hijackers directed customers to Twitter phishing website
Over the weekend, customers of British Gas seeking help from the company’s social media team witnessed some strange tweeting, accompanied by links that led to a phishing website.
The links were all shortened, so an unsuspecting customer trying to find out what was so funny, interesting and cool that the help team felt the need to share it with the world would not be so quick at detecting that the page launched was actually a phishing attempt to grab their Twitter credentials.
According to security expert Graham Cluley, the links opened a page asking the victim to enter their Twitter login username and password because their session supposedly needed to be re-initiated.
Apart from the URL that reveals the fraud attempt, everything appeared to be a legitimate Twitter notification. The crooks even posted the reason for signing into the micro-blogging platform, invoking security reasons.
Cybercriminals are in constant need of web account credentials, especially for social networks, in order to spread their nefarious offers to other victims.
British Gas Help has a verified account on Twitter, which provides credibility to the users. Links in messages from a reputable source are more likely to be followed and make the deceit attempt more believable.
Fortunately, British Gas managed to regain control over their Twitter account and informed their followers of the incident, advising them to delete any spam tweets they received.
We are aware our Twitter account has been compromised. Please delete any spam tweets you have received. Sorry for the inconvenience ^Joe
The service is free and requires registering a phone number, to which a verification code is sent when the user tries to log in.
Last week, another phishing campaign was in circulation, also targeting Twitter users. The scam promised verified accounts to the victims, a temptation many users might find hard to resist.
The cybercrooks set up a phishing page that did not present any signs of falsehood. They even made the effort to add links to legitimate Twitter pages, so hovering over them would show the victim that they were official.
Again, the only visible sign was the URL address and the fact that a secure connection was not in place. Even so, few users usually take the time to look at the address bar, as they are blinded by the reward promised by the scammers.
Enabling two-factor authentication and checking for the secure connection mark in the browser address bar when navigating on Twitter should thwart cyber-crooks’ attempt to take over Twitter accounts.
Joe Biden and Barack Obama were among the accounts hacked.
The Twitter accounts of several well-known figures and companies have apparently been compromised by an unknown hacker asking users to send funds to a Bitcoin account.
Among those apparently attacked were presumptive Democratic presidential nominee Joe Biden and former President Barack Obama. Apple also was apparently targeted.
Obama, with over 120 million followers, has more than any other person on the platform.
The accounts of Elon Musk, Bill Gates, Mike Bloomberg, Kim Kardashian West, Kanye West, Uber, CashApp and more are also among the victims of the hack.
Twitter said it was the victim of a “coordinated social engineering attack,” in a statement late Wednesday night. It said the attackers “successfully targeted some of our employees with access to internal systems and tools.
“We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf,” Twitter said in a statement. “We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.”
Before the company was able to regain control of the accounts, it told users, “You may be unable to Tweet or reset your password while we review and address this incident.”
Verified accounts were not allowed to post for about two hours as a precaution.
At 8:41 p.m., hours after the initial hacking, Twitter said things should be mostly back to normal.
“Most accounts should be able to Tweet again,” the company wrote. “As we continue working on a fix, this functionality may come and go. We’re working to get things back to normal as quickly as possible.”
In a late-night pair of tweets, Twitter wrote, “We have locked accounts that were compromised and will restore access to the original account owner only when we are certain we can do so securely. Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing.”
The hashtag “#hacked” quickly rose to the top of trends on the site Wednesday afternoon.
The apparent scam message asked users to send Bitcoin, which would then be doubled.
“I am giving back to the community. All Bitcoin sent to the address below will be sent back doubled! If you send $1,000, I will send back $2,000. Only doing this for 30 minutes,” the message read on the hacked accounts.
Biden’s campaign quickly responded to its account being hacked.
“Twitter locked down the account immediately following the breach and removed the related tweet. We remain in touch with Twitter on the matter,” the campaign said in a statement to ABC News.
The Department Of Homeland Security’s cyber arm, the Cybersecurity and Infrastructure Security Agency, referred questions to Twitter and said it had no further comment.
FBI’s San Francisco field office, which covers Twitter’s headquarters, offered a statement.
“We are aware of today’s security incident involving several Twitter accounts belonging to high profile individuals,” it said. “The accounts appear to have been compromised in order to perpetuate cryptocurrency fraud. We advise the public not to fall victim to this scam by sending cryptocurrency or money in relation to this incident.”
A Secret Service spokesperson told ABC News, “The U.S. Secret Service is aware of a suspected hacking incident related to social media accounts. As a matter of practice, the Secret Service does not confirm the existence or absence of ongoing investigations.”
Rep. Alexandria Ocasio-Cortez, D-N.Y., immediately warned people not to take part in the scam.
ABC News’ Molly Nagle, Luke Barr, Catherine Thorbecke and Marc Nathanson contributed to this report.
A Twitter hack affecting top politicians and celebrities in the United States has helped a Bitcoin wallet receive over $100,000 via at least 300 transactions. What happened? Who was affected? Why does this incident matter?
It was a bad day even by Twitter standards. In what is being dubbed as one of the “most brazen online attacks in memory”, the most powerful Twitter accounts in America were all tweeting about Bitcoins on Wednesday afternoon. It was a scam, of course, but one that got a social push from the biggest political and entertainment handles in the United States. Twitter tried to regain control and delete the messages, but some of the handles were posting similar messages even after that.
Among the affected names are former president Barack Obama, presidential hopefuls Joseph R. Biden Jr. and Kanye West, tech stars Bill Gates and Elon Musk, as well as institutional handles like @Apple. As Twitter tried to regain control, verified handles across the world went mute for a while and were unable to tweet.
What was the Twitter hack all about?
Around 4 pm Wednesday in the US, many high-profile accounts started tweeting a message saying any bitcoin sent to a link in the tweet would be sent back doubled, an offer the tweet said would last just 30 minutes.
Apple and Uber handles were among the first to be impacted, followed by those of Musk and Gates. In a couple of hours, it had taken over the handles of Obama, Biden, Mike Bloomberg and Amazon founder Jeff Bezos. Around the time handles of boxer Floyd Mayweather and celebrity Kim Kardashian had been affected, Twitter locked most large verified accounts across the US and rest of the world.
However, in the four-odd hours the tweets were live, the Bitcoin wallet promoted in the tweets received over $100,000 via at least 300 transactions.
What is Twitter saying about the incident?
Twitter’s product lead Kayvon Beykpour tweeted that their “investigation into the security incident is still ongoing”, and promised more updates from @TwitterSupport. “In the meantime, I just wanted to say that I’m really sorry for the disruption and frustration this incident has caused our customers,” he said.
In a series of tweets, @TwitterSupport acknowledged the “security incident” and informed users that they may be unable to tweet or reset passwords until the micro-blogging platform had reviewed the incident.
Twitter’s response to the hacking incident.
About four hours after the first acknowledgment, the handle said: “Most accounts should be able to Tweet again. As we continue working on a fix, this functionality may come and go. We’re working to get things back to normal as quickly as possible.”
Twitter CEO Jack Dorsey called it a tough day for “us at Twitter”. “We all feel terrible this happened. We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened,” he tweeted.
How did the Twitter hack happen?
According to Twitter Support, the “coordinated social engineering attack” was executed by people who “successfully targeted some of our employees with access to internal systems and tools”. “We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it,” another tweet said. Twitter said that even as it has limited functionality of the affected accounts, it also restricted access to internal systems and tools.
Clearly, the vulnerability that has been exploited was within the Twitter systems and not on the user side.
What are implications of this security incident?
The implications are huge given the fact that the most powerful and popular accounts have been hacked. Given the influence Twitter has over political conversations globally, and in the US in particular, the verified handles of so many politicians being compromised at the same time does not augur well for the platform.
At least one Senator, Josh Hawley from Missouri, has written to Twitter CEO Jack Dorsey asking for an explanation once the problem has been fixed. Twitter will have some explaining to do to the American political establishment in the coming days.
Twitter hack: Senator Josh Hawley’s letter to CEO Jack Dorsey.
The incident is also critical because it has happened in an election year. In the last election, the conversation in the US was also about social media being manipulated for political gain.
This new incident has also shown that social media giants could be more vulnerable than before.
Internet data breaches occur all too frequently these days, so it’s important that you take steps to make sure your online accounts have strong, unique passwords to thwart hijacking attempts.
If your MyPoints account does get hijacked, here are the steps to regain control of your account.
First, change your email password! If your account was hijacked and you were alerted to the fact because your Point balance decreased due to unauthorized redemptions but you were able to log into your account without any issues, then the hacker has access to your email.
If you are unable to log into your account, it’s possible the hacker changed your email and/or password or that our system detected unauthorized activity and deactivated your account for your protection.
Next, contact our Member Services team. Make sure to select “Compliance Account Access” from the dropdown menu to get your request to the right place as quickly as possible and be sure to respond to the auto-reply to reopen your ticket and get it assigned to an agent who can help you.
In order to ensure we are dealing with the owner of the account, you may be asked to provide a photo of your driver’s license or some other official identification. We will use the info (name, birthdate, address) on your ID to confirm that the account in question belongs to you to prevent further unauthorized access.
Once we’ve confirmed we are dealing with the owner of the account, we will work to make sure your MyPoints account is secure. This may require you to change your email or email password as well as update your MyPoints password. Once we are satisfied that your accounts are secured, we will restore any Points missing due to unauthorized redemptions.
To prevent your account from being hacked in the first place, it’s important to make sure you are using strong, unique passwords and two-factor authentication (if available with your provider) on all of your online accounts; especially the ones where the hijacker can gain access to personal info or other things of value.
July 16, 2020, 10:20 AM
Hackers were able to hijack dozens of high-profile Twitter accounts on Wednesday after gaining access to internal user administration tools and systems.
The accounts were later used to promote a cryptocurrency scam that allowed the attackers to collect over $100,000 from gullible victims, who were promised free bitcoins in exchange for a proof transfer, or to have their bitcoins doubled.
Tech companies and executives, celebrities, and cryptocurrency exchanges were all among the Twitter accounts that the hackers managed to take over in rapid succession to promote their scam.
The Twitter accounts of @Apple, @Bitcoin, @BarackObama, @JeffBezos, @JoeBiden, @elon_musk, @BillGates, @WarrenBuffett, @Uber, @kanyewest, @wizkhalifa, @coinbase, @Ripple, @Gemini, @binance, @justinsuntron, @Tronfoundation, and @SatoshiLite are just a few of those that have been hijacked in the attack.
Right after the incident was noticed, Twitter blocked verified accounts (the ones the scammers focused their attacks on) from tweeting and resetting their passwords.
Three hours later, Twitter said tweeting functionality was restored to the affected accounts but that it might still inadvertently go down during the ongoing investigation.
Tough day for us at Twitter. We all feel terrible this happened.
We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.
to our teammates working hard to make this right.
Internal admin tools used to hijack accounts
“We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools,” Twitter explained five hours into the incident investigation.
“We know they used this access to take control of many highly-visible (including verified) accounts and tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.”
The hijacked Twitter accounts were immediately locked and the crypto scam tweets were removed by Twitter’s team and, as announced right after the attack was spotted, functionality was limited to high-profile accounts (including verified profiles) to limit the impact on the platform.
“We have locked accounts that were compromised and will restore access to the original account owner only when we are certain we can do so securely,” Twitter added.
“Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues.”
This was disruptive, but it was an important step to reduce risk. Most functionality has been restored but we may take further actions and will update you if we do.
Twitter insider job?
Twitter has not yet said whether its employees were working with the attackers during the incident to take over the impacted accounts, whether they provided the hackers with access to the administration tools to use as they saw fit, or whether the scammers took control of Twitter’s internal tools without the employees’ knowledge.
The internal tool interface was leaked on Twitter during the attack by data breach monitoring and prevention service Under The Breach and a number of other accounts.
Right after they shared the screenshots of the internal user admin panel, the tweets were removed by Twitter staff who only left behind a “This Tweet violated the Twitter Rules” message and temporarily suspended the accounts who shared the info.
Under The Breach also told BleepingComputer that the scammers bragged about the attack and shared Twitter panel screenshots on a Discord server they promoted on the OGUsers hacker forum (popular among account hijackers and SIM swappers).
Insider job or not, it wouldn’t be the first time Twitter employees have misused internal systems: former employees have been charged with using Twitter’s internal systems to collect information on “Saudi critics and thousands of other Twitter users” (including email addresses, IP addresses, and dates of birth) and sharing it with officials of the Kingdom of Saudi Arabia — more details in the criminal complaint.
Following the series of Twitter account hijacks, Google also removed a search page feature displaying individual tweets for high-profile brands (companies and individuals) in a move that would potentially limit the attack’s exposure.
U.S. Senator Josh Hawley also asked Twitter CEO Jack Dorsey to cooperate with the Department of Justice and the Federal Bureau of Investigation during the ongoing investigation and to provide information on how many accounts were affected by the breach.
“I am concerned that this event may represent not merely a coordinated set of separate hacking incidents but rather a successful attack on the security of Twitter itself,” Hawley’s letter reads.
“Please reach out immediately to the Department of Justice and the Federal Bureau of Investigation and take any necessary measures to secure the site before this breach expands.”
CEO Jack Dorsey says Twitter is ‘diagnosing’ after 5 hours of hacked tweets, which forced lockouts of other users
Twitter Inc. accounts belonging to top U.S. executives, lawmakers and celebrities were compromised Wednesday and appeared to be used in an attempt to siphon bitcoin from their social-media followers until the company wrangled back control of its site hours later.
After a number of cryptocurrency-related Twitter accounts were reportedly hijacked Wednesday afternoon, Tesla Inc. Chief Executive Elon Musk — with more than 36 million Twitter followers who have been repeatedly targeted by potential bitcoin scammers on the service — tweeted out an entreaty to send him bitcoin soon after the end of the day’s trading session.
From there, the list of compromised Twitter accounts grew into a veritable Who’s Who in real time on the service. Microsoft Corp. founder Bill Gates, Democratic presidential candidate Joe Biden and former President Barack Obama, Apple Inc.’s never-used corporate account, Berkshire Hathaway Inc.’s Warren Buffett, Amazon.com Inc. founder and CEO Jeff Bezos, as well as musician Kanye West all tweeted out a similar message.
Twitter waited an hour and a half to make a public statement, and then restricted verified users of the site from posting while halting other activity sitewide as engineers attempted to regain control. Eventually, Twitter’s support team said that they were “working to get things back to normal” Wednesday evening.
CEO Jack Dorsey tweeted for the first time during the ordeal past 6 p.m. Pacific time, roughly five hours after Musk’s account originally tweeted the bitcoin message. Dorsey — who also helms Square Inc., which facilitates the transfer of some cryptocurrencies — said Twitter was still “diagnosing” the attack.
Around 7:30 p.m. Pacific, Twitter began explaining the situation, and said the hackers had apparently accessed its internal systems.
“We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools,” the company tweeted. “We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed.”
Shares of Twitter sank more than 4% after hours and ended the extended session down 3.6%, after closing at $35.67. A decline of that magnitude would wipe away more than $1 billion from Twitter’s market capitalization. The stock was down about 5% premarket Thursday.
According to CoinDesk, Twitter accounts for cryptocurrencies and crypto influencers such as Gemini, Binance, KuCoin, Coinbase, Litecoin’s Charlie Lee, Tron’s Justin Sun, bitcoin, Bitfinex, Ripple, Cash App, and CoinDesk, were also compromised. BitTorrent also confirmed the hacks and said it was working with Twitter to return its accounts to normal.
While Twitter shares fell, bitcoin prices were unaffected by the fiasco. As of Wednesday night, bitcoin futures were down just 0.1%, at about the $9,200 level. It isn’t clear if any bitcoins were lost in the scam, but some have speculated that the perpetrator of the Twitter attack may have gotten some $100,000 in coins sent to their account.
A hacker allegedly behind a spate of Twitter account hacks on Wednesday gained access to a Twitter “admin” tool on the company’s network that allowed them to hijack high-profile Twitter accounts to spread a cryptocurrency scam, according to a person with direct knowledge of the incident.
The account hijacks hit some of the most prominent users on the social media platform, including leading cryptocurrency sites, but also ensnared several celebrity accounts, notably Bill Gates, Jeff Bezos, Elon Musk and Democratic presidential hopeful Joe Biden.
Vice earlier on Wednesday reported details of the Twitter admin tool.
A Twitter spokesperson, when reached, did not comment on the claims. Twitter later confirmed in a series of tweets that the attack was caused by “a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”
A person involved in the underground hacking scene told TechCrunch that a hacker, who goes by the handle “Kirk” — likely not their real name — generated over $100,000 in the matter of hours by gaining access to an internal Twitter tool, which they used to take control of popular Twitter accounts. The hacker used the tool to reset the associated email addresses of affected accounts to make it more difficult for the owner to regain control. The hacker then pushed a cryptocurrency scam that claimed whatever funds a victim sent “will be sent back doubled.”
The person told TechCrunch that Kirk had started out by selling access to vanity Twitter accounts, such as usernames that are short, simple and recognizable. It’s big business, if still illegal. A stolen username or social media handle can go for anywhere from a few hundred dollars to thousands.
Kirk is said to have contacted a “trusted” member on OGUsers, a forum popular with traders of hacked social media handles. Kirk needed the trusted member to help sell stolen vanity usernames.
In several screenshots of a Discord chat shared with TechCrunch, Kirk said: “Send me @’s and BTC,” referring to Twitter usernames and cryptocurrency. “And I’ll get ur shit done,” he said, referring to hijacking Twitter accounts.
But then later in the day, Kirk “started hacking everything,” the person told TechCrunch.
Kirk allegedly had access to an internal tool on Twitter’s network, which allowed them to effectively take control of a user’s account. A screenshot shared with TechCrunch shows the apparent admin tool. (Twitter is removing tweets and suspending users that share screenshots of the tool.)
A screenshot of the alleged internal Twitter account tool. (Image supplied)
The tool appears to allow users — ostensibly Twitter employees — to control access to a user’s account, including changing the email associated with the account and even suspending the user altogether. (We’ve redacted details from the screenshot, as it appears to represent a real user.)
The person did not say exactly how Kirk got access to Twitter’s internal tools, but hypothesized that a Twitter employee’s corporate account was hijacked. With a hijacked employee account, Kirk could make their way into the company’s internal network. The person also said it was unlikely that a Twitter employee was involved with the account takeovers.
As part of their hacking campaign, Kirk targeted @binance first, the person said, then quickly moved to popular cryptocurrency accounts. The person said Kirk made more money in an hour than selling usernames.
To gain control of the platform, Twitter briefly suspended some account actions — as well as prevented verified users from tweeting — in an apparent effort to stem the account hijacks. Twitter later tweeted it “was working to get things back to normal as quickly as possible.”
In case 2020 wasn’t dystopian enough, hackers on July 15 hijacked the Twitter accounts of former President Barack Obama, presidential hopeful Joe Biden, Elon Musk, Jeff Bezos, Kim Kardashian and Apple, among others. Each hijacked account posted a similar fake message. The high-profile individual or company wanted to philanthropically give back to the community during COVID-19 and would double any donations made to a bitcoin wallet, identical messages said. The donations followed.
The hack on the surface may appear to be a run-of-the-mill financial scam. But the breach has chilling implications for democracy.
Serious political implications
As a scholar of internet governance and infrastructure, I see the underlying cybercrimes of this incident, such as hacking accounts and financial fraud, as far less concerning than the society-wide political implications. Social media – and Twitter in particular – is now the public sphere. Using a hijacked account, it would be simple to wreak economic damage, start a national security crisis or create a social panic.
Consider some of the potential threats to society posed by the takeover of technology infrastructure.
- Market stability. Coordinated rogue tweets from the accounts of Apple, Facebook, Google, Netflix and Microsoft could easily crash the stock market, at least temporarily, eroding confidence in markets.
- Societal panic. A false warning about an impending terrorist attack from a major media company account could create a dangerous public panic.
- National security. Twitter is the platform of choice for President Donald Trump. A foreign adversary hijacking his account and announcing a nuclear strike on North Korea could be catastrophic.
- Democracy. Hijacked accounts could sow well-timed political disinformation that sways or seeks to delegitimize the 2020 presidential election.
As such, what happened is not about financial crime. It is a serious threat to us all.
Screen shot of Joe Biden’s hacked account. Twitter via the New York Times
Politicians are rightly calling for hearings and investigations. The House Committee on Oversight and Reform ranking member, Kentucky Republican James Comer, issued a letter demanding answers from Twitter CEO Jack Dorsey about what happened. New York Governor Andrew Cuomo ordered a full investigation of the hack, warning that “Foreign interference remains a grave threat to our democracy.”
On the day of the attack, Dorsey tweeted, “Tough day for us at Twitter. We all feel terrible this happened.” But what did happen?
Twitter disclosed that approximately 130 accounts were affected and that “attackers were able to gain control of the accounts and then send Tweets from those accounts.” The affected accounts seemed to be “verified accounts” with the blue check mark meant to authenticate the identities of high-profile public figures.
Because these accounts are potential hacking targets, Twitter recommends additional security such as having a second log-in verification check, and requiring personal information such as a phone number to reset a password.
How were the accounts taken over? There are two general possibilities: Either hackers gained the login credentials, including passwords, or gained access to systems from inside the company. Twitter has, as of this writing, described the attack as having “successfully targeted some of our employees with access to internal systems and tools.” In other words, it may have originated inside Twitter’s secure system.
But this explanation raises more questions. Are Twitter employees (or hackers) with unauthorized access to “internal systems” actually able to tweet from the account of someone like Joe Biden? Another major question is whether the hackers also were able to read the private direct messages in each of these accounts.
To begin to regain trust, Twitter will have to clarify what happened and explain what the company will do to mitigate such an attack in the future.
Outsiders were apparently able to take over Twitter accounts of high-profile individuals by ‘social engineering,’ which allowed them to convince Twitter employees to provide access to its systems. Maskot via Getty Images
In terms of the tactics used, Twitter described the incident as having used social engineering, a term that refers to a cyberattack exploiting some human action. Examples include phishing attacks that prompt someone to click on a malicious link in an email or divulge a password or personal information. These techniques date back decades, such as the infamous I Love You attack of 2000, when emails with the subject line “I Love You” prompted people to download a virus-infected file, creating massive economic damage to companies. Social engineering can encompass a range of activities aimed at deceiving people into providing information useful to another party, such as a hacker trying to penetrate a company’s network.
The essential feature of a social engineering attack is that a human being is prompted to make an error in judgment. If anyone ever thought an individual has no agency in cybersecurity, simply recall the Democratic National Committee email data breach in advance of the 2016 U.S. presidential election. That incident in part originated via a phishing attack that tricked someone into disclosing email credentials. Cybersecurity is a problem of human psychology and cyberliteracy as well as a complex technical area. Not only do Twitter employees appear to be victims of social engineering, according to the initial explanation, but so too were those people who were tricked into giving bitcoin donations.
Not just a tech company problem
Cybersecurity is the great human rights issue of our time simply because the security of everything in our society – from elections to health care to the economy – is dependent upon the security of the digital world. Private companies now mediate the public sphere and so they bear great responsibility for this security. From the Facebook Cambridge Analytica scandal to the Yahoo! data breach, tech companies have had trust problems. At the same time, the COVID-19 pandemic lays bare how much we need the digital world and must get cybersecurity right.
The disclosure that the Twitter hack originated via a social engineering technique is a reminder that cybersecurity is an individual human responsibility as much as a technical or institutional one. We are all responsible. Twitter was originally not designed to be something so politically relevant. Now we all know it is. That’s why this latest attack is so serious.
This article is republished from The Conversation under a Creative Commons license.
TALLAHASSEE, Fla. — The campaign Twitter account for Florida Agriculture Commissioner Nikki Fried has been hacked.
A news release for the Democratic gubernatorial candidate said Fried’s verified Twitter account “was compromised through a fishing attack” Saturday night.
“We are doing everything we can to get Twitter support to fix it as quickly as possible,” the release continued.
According to Florida Politics, the account included a series of tweets promoting the sale of non-fungible tokens and was rebranded with the phrase “Skulltoons” across the top.
Fried’s tweets were hidden from the public Sunday morning while her campaign works to regain control of the account.
Her agriculture commissioner account did not appear to be affected.
Fried is seeking to win the Democratic nomination for governor. She is running against former Republican Gov. Charlie Crist, who is now a Democrat in Congress, and state Sen. Annette Taddeo, who represents portions of Miami-Dade County.
The gubernatorial primary is Aug. 23 and the general election is Nov. 8.
The FBI has launched an investigation into the attack, saying the motivation appeared to be ‘cryptocurrency fraud’
Twitter’s systems were down on Wednesday as it attempted to regain control from hackers. Photograph: Olivier Douliery/AFP/Getty Images
Twenty-four hours after a major security breach at Twitter saw the verified accounts of world leaders, celebrities, and corporate brands hijacked to publish fraudulent messages, few things were clear about the hack except this: it could have been much, much worse.
“Imagine this happening the night before the election,” said Bruce Schneier, a prominent security technologist and fellow at Harvard Kennedy School. “It doesn’t take a lot of imagination to go: ‘Wow!’”
The hours-long breakdown of Twitter’s systems, both by the hackers who published messages and by Twitter as it attempted to take back control, provided a stark demonstration of how much of the information ecosystem, especially in the US, relies on Twitter and its verification system – and the vulnerabilities inherent to that dependency.
The fiasco raises a host of questions, chief among them: should we still trust Twitter? And even if we don’t, what can we do about it?
Twitter has yet to release much information about the attack, beyond that it was a “coordinated social engineering attack” on its own employees that enabled hackers to gain access to the company’s internal tools and thereby take control of users’ accounts.
“To me the vulnerability is on the social side,” said Schneier, who urged the public and press not to speculate too much about the technical details of the attack. “We over-rely on Twitter. These platforms have an enormous amount of power and they’re not regulated … What you have to do is stop allowing these monopolies to exist. It’s not about Twitter; it’s that there’s only one.”
On Friday, the Federal Bureau of Investigation said it had launched an investigation into the attack. The bureau’s San Francisco office said the motivation for the attack appears to have been “cryptocurrency fraud”.
But several US lawmakers also raised concerns about potential for fallout from the attack that goes beyond hackers scamming a few hundred unfortunate victims out of $100,000. Senator Josh Hawley of Missouri called on Twitter to “give the public an accounting of how much of their personal info” it lost, raising the question of whether the attackers might have stolen users’ private messages, known on the platform as direct messages or DMs.
Senator Ron Wyden of Oregon revealed that Twitter chief executive Jack Dorsey had told him in 2018 that the company was working on bringing end-to-end encryption to DMs. “It’s been nearly two years since our meeting, and Twitter DMs are still not encrypted, leaving them vulnerable to employees who abuse their internal access to the company’s systems, and hackers who gain unauthorized access,” Wyden said. “If hackers gained access to users’ DMs, this breach could have a breathtaking impact for years to come.”
If the attack was a straightforward financial crime with no geopolitical motivations or implications, that would be a best case scenario. But it’s still not clear if that is the case, nor if Twitter is prepared for the much more complicated and frightening alternatives.
On Friday afternoon, the company said that it has “no evidence that attackers accessed passwords”, and that it is still investigating the attack.
Thursday’s attack created a uniquely unstable information event. First, Twitter’s systems were compromised, resulting in a tsunami of disinformation. Then, in order to regain control of its systems, Twitter shut down the ability of all verified accounts to tweet anything at all, preventing the victims of the attack, public officials and the news media alike from publishing reliable information and creating a vacuum for misinformation.
“The nightmare scenario isn’t someone hacking into [the Twitter account of] US Strategic Command and saying a nuclear missile had been launched,” said Heather Williams, an assistant professor at King’s College London and co-author of a new report on the impact of Twitter in diplomacy and crisis escalation. “It’s someone hacking into Trump’s account and saying something believable.”
“That’s the real nightmare scenario: where you really can’t tell if something is real or not,” she added.
That prospect does not appear to have put Trump off tweeting. The White House said Friday that his account was not compromised and he will remain on the platform.
Schneier questioned why tech companies do not have to follow similar rules as banks when it comes to allowing employees access to customers’ accounts. “If this were a bank, there would be lots of regulations,” he said. “More importantly, senior executives would get fired.”
“Unregulated monopolies are bad for society,” he added. “And this is an example of unregulated monopolies being bad.”