Twitter experiences widespread hack in coordinated cryptocurrency scam

Source: 9to5Mac

What you need to know

Twitter has experienced a major security breach.
The breach has resulted in a number of accounts sending Bitcoin-related tweets.
The hack appears to be part of a widespread cryptocurrency scam.

Twitter is currently experiencing a widespread security breach that is resulting in a number of high profile accounts encouraging their followers to send Bitcoin to an unknown account.

Update 7: The New York Times reports that the hack started as a quest for usernames but then evolved into a Bitcoin scam.

Update 6: Twitter says they believe the hack was the result of a social engineering attack against some of its employees with access to internal systems.

Update 5: Twitter CEO Jack Dorsey has apologized for the security breach and says the team is still researching what caused the hack.

Update 4: Twitter has limited additional account functionality for more users, not just verified accounts.

VPN Deals: Lifetime license for $16, monthly plans at $1 & more

Update 3: Some verified Twitter accounts are able to tweet again but only temporarily.

Update 2: Verified Twitter accounts have had their ability to tweet disable but can retweet.

Update 1: Twitter's official Support account has acknowledged the breach, saying that they are actively investigating and working on a fix.

We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.
— Twitter Support (@TwitterSupport) July 15, 2020

Apple, along with a number of high profile Twitter accounts like Elon Musk, Uber, and Barack Obama have all been affected by the breach. While each tweet has been slightly different, all link to the same Bitcoin account.

In response to the hack, Twitter has currently shut down all verified accounts from being able to post on the platform.

You may be unable to Tweet or reset your password while we review and address this incident.
— Twitter Support (@TwitterSupport) July 15, 2020

Verified accounts can retweet, but are unable to tweet.

Additionally, non-verified accounts are being affected by Twitter's attempt to remedy the situation. Twitter is recommending everyone reset their password.

We’re continuing to limit the ability to Tweet, reset your password, and some other account functionalities while we look into this. Thanks for your patience.
— Twitter Support (@TwitterSupport) July 15, 2020

Hours after the hack, Twitter CEO Jack Dorsey has apologized for the security breach and says that the team at Twitter is still working to understand how the hack occurred.

Tough day for us at Twitter. We all feel terrible this happened.

We're diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.

💙 to our teammates working hard to make this right.
— jack (@jack) July 16, 2020

Twitter says that the hack is the result of a coordinated social engineering attack against a number of its internal employees which gave the hackers access to internal systems.

We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.
— Twitter Support (@TwitterSupport) July 16, 2020

After interviewing hackers claiming to be involved in the security breach, the New York Times is reporting that the hack began as a quest to obtain sought after usernames. Then, one individual began engaging in a cryptocurrency scam that affected a number of high profile accounts.

Hackers involved in the Twitter breach said it started as a quest for cool usernames. Then one member of the group began going after cryptocurrency companies, Jeff Bezos, and Kanye West. w/@nathanielpopper https://t.co/uc1UDInglz
— kate conger (@kateconger) July 17, 2020

This is a developing story and we will update as we receive more information.