A Twitter insider was responsible for a wave of high profile account takeovers on Wednesday, according to leaked screenshots obtained by Motherboard and two sources who took over accounts.
"We used a rep that literally done all the work for us," one of the sources told Motherboard. The second source added they paid the Twitter insider. Motherboard granted the sources anonymity to speak candidly about a security incident. A Twitter spokesperson told Motherboard that the company is still investigating whether the employee hijacked the accounts themselves or gave hackers access to the tool.
The accounts were taken over using an internal tool at Twitter, according to the sources, as well as screenshots of the tool obtained by Motherboard. One of the screenshots shows the panel and the account of Binance; Binance is one of the accounts that hackers took over today. According to screenshots seen by Motherboard, at least some of the accounts appear to have been compromised by changing the email address associated with them using the tool.
The bad news: Twitter has now revealed that the attackers may indeed have downloaded the private direct messages (DMs) of up to 8 individuals while conducting their Bitcoin scam, and were able to see “personal information” including phone numbers and email addresses for every account they targeted.
That’s because Twitter has confirmed that attackers attempted to download the entire “Your Twitter Data” archive for those 8 individuals, which contains DMs among other info.
If Trump starts tweeting in complete sentences, with good grammar and punctuation, then we know it's not really him. The only way to impersonate Trump tweets would be to feed it through a Russian translator, then an English translator, then a malfunctioning autocorrect.I never had a Twitter account, but for now I will even stop clicking on Twitter posts here.
If the company can't guarantee that the tweets come from the real account holder..... nah.
Before you know it, someone is posting bullshit on the 45 account, and no one will ever notice the difference.
Mr. O'Connor said other hackers had informed him that Kirk got access to the Twitter credentials when he found a way into Twitter’s internal Slack messaging channel and saw them posted there, along with a service that gave him access to the company’s servers.
What's needed is the opposite of autocorrect-- an autofail, perhaps?If Trump starts tweeting in complete sentences, with good grammar and punctuation, then we know it's not really him. The only way to impersonate Trump tweets would be to feed it through a Russian translator, then an English translator, then a malfunctioning autocorrect.
Early this morning, the FBI, IRS, US Secret Service, and Florida law enforcement placed a 17-year-old in Tampa, Florida, under arrest — accusing him of being the “mastermind” behind the biggest security and privacy breach in Twitter’s history, one that took over the accounts of President Barack Obama, Democratic presidential candidate Joe Biden, Bill Gates, Elon Musk, and more to perpetrate a huge bitcoin scam on July 15th.
The teen is currently in jail, being charged with over 30 felony count, including organized fraud, communications fraud, identity theft, and hacking, according to Hillsborough State Attorney Andrew Warren in a just-broadcast news conference describing the arrest.
It’s not clear whether the 17-year-old is the only suspect in the case. “I can’t comment on whether he worked alone,” said Warren. He was arrested at his apartment where he lives by himself, authorities stated.
Last Friday, a 17-year-old Florida high school graduate, Graham Ivan Clark, was arrested and charged as the “mastermind” behind the massive bitcoin scam that ensnared the accounts of Barack Obama, Joe Biden, Bill Gates, Jeff Bezos, Apple, and more — after he allegedly posed as a member of Twitter’s IT department and used Twitter’s own admin tools to break into those accounts.
This morning, I woke up early to hear what he — or his lawyer — had to say about that. It was so easy I didn’t even have to get to a desk. The court had publicly revealed last week it’d hold hearings over Zoom, no password required, so I tuned in with my phone from bed.
Apparently, it was too easy. So easy that trolls decided to zoombomb the entire hearing, spewing disgusting noises, piping in distracting music in several different languages, cursing out the court, and eventually hijacking the stream with a PornHub clip, according to cybersecurity reporter Brian Krebs. (I stopped watching after I realized the 17-year-old defendant wasn’t going to show up, and I just listened to the rest with my earbuds.)