Twitter is investigating after hackers targeted several high-profile US figures in a "co-ordinated social engineering attack".
Fake tweets were posted to the accounts of Amazon chief Jeff Bezos, Microsoft co-founder Bill Gates and SpaceX billionaire Elon Musk, offering to send $2,000 for every $1,000 sent to a Bitcoin address.
Chief executive Jack Dorsey tweeted: "Tough day for us at Twitter. We all feel terrible this happened."
He added that staff are "working hard to make this right".
Also among those affected were former US president Barack Obama and Democratic presidential candidate Joe Biden.
Businessman Mike Bloomberg, reality TV star Kim Kardashian, rapper Kanye West, and the corporate accounts for Uber and Apple were also reported to have been hit by the scam.
Blockchain records, which store data about monetary transactions, showed the suspected scammers had received more than $100,000 worth of cryptocurrency, according to Reuters.
Just before 11pm UK time, Twitter confirmed it was investigating a "security incident impacting accounts".
Around four hours later, the social media platform said: "We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.
"We know they used this access to take control of many highly-visible (including verified) accounts and tweet on their behalf. We're looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.
"Once we became aware of the incident, we immediately locked down the affected accounts and removed tweets posted by the attackers."
Twitter said it had also limited functionality for a "much larger group of accounts, like all verified accounts (even those with no evidence of being compromised)".
"This was disruptive, but it was an important step to reduce risk," the platform said before adding that most functions had been restored.
The compromised accounts were locked and access will be restored to the original account holder "Only when we are certain we can do so securely".
"Internally, we've taken significant steps to limit access to internal systems and tools while our investigation is ongoing."
Experts were surprised at the scale of the incident, which suggested the hackers may have gained access through Twitter's system, rather than through individual accounts.
Michael Borohovski, director of software engineering at security company Synopsys, said: "It is highly likely that the attackers were able to hack into the back end or service layer of the Twitter application.
"If the hackers do have access to the backend of Twitter, or direct database access, there is nothing potentially stopping them from pilfering data in addition to using this tweet-scam as a distraction," he added.
Dmitri Alperovitch, co-founder of cybersecurity company CrowdStrike, said: "This appears to be the worst hack of a major social media platform yet.
"We are lucky that, given the power of sending out tweets from the accounts of many famous people, the only thing that the hackers have done is scammed about $110,000 in bitcoins from about 300 people."
Shares in Twitter were down by more than 3% in after-hours trading on Wednesday in the US.
https://news.google.com/__i/rss/rd/articles/CBMiZGh0dHBzOi8vbmV3cy5za3kuY29tL3N0b3J5L3R3aXR0ZXItaGFjay1vYmFtYS1iZXpvcy1hbmQta2FyZGFzaGlhbi10YXJnZXRlZC1ieS1iaXRjb2luLXNjYW0tMTIwMjkzOTTSAWhodHRwczovL25ld3Muc2t5LmNvbS9zdG9yeS9hbXAvdHdpdHRlci1oYWNrLW9iYW1hLWJlem9zLWFuZC1rYXJkYXNoaWFuLXRhcmdldGVkLWJ5LWJpdGNvaW4tc2NhbS0xMjAyOTM5NA?oc=5
2020-07-16 04:18:45Z
52780927007424
Tidak ada komentar:
Posting Komentar