If you follow Joe Biden on Twitter, or Elon Musk, Apple, Uber, Barack Obama, Bill Gates or other high-profile people, you may have seen an unusual tweet from them Wednesday night. Hackers reportedly took over those accounts for a brief time in an attempt to scam people out of money.
Most of the tweets read exactly the same: “I am giving back to my community due to COVID-19. All Bitcoin sent to my address below will be sent back, doubled”, including a Bitcoin wallet address and the line “Only doing this for the next 30 minutes. Enjoy”.
Most people saw these tweets and figured out it was likely the result of a hack, but potentially thousands of people actually deposited money in those accounts to the reported tune of over $120,000. How does this kind of thing happen? Cybersecurity expert Joseph Steinberg said it was a concerted effort that exploited a Twitter back door.
“It used a tool that Twitter had created for its administrators and used that to compromise many accounts.”
$120,000 to scammers is bad, but Steinberg said it could have been worse without even involving money.
“If this had occurred, for example, 3 hours before the election in November on Election Day and contained some, for example, incoherent or controversial tweets from Joe Biden, that could have affected the results of the election,” he said. “I do think this could have been a lot worse. It’s a great blessing in disguise to a certain extent that Twitter is aware that it needs to address this problem before it was used in such a terrible fashion.”
Steinberg believes the administrative tool should not be in place and that Twitter employees should not have a tool that allows them to tweet from someone’s account.
“There are things that can be done by Twitter to prevent these problems. And not just Twitter, because this problem could affect other platforms,” Steinberg said. “Things need to be done and probably should be done ASAP. Otherwise, there’s no question this will be abused in the future.”
It is further proof that you should not blindly believe everything you see on social media. Even on verified accounts.