$NET these twitter hacks are exactly why more companies need to adapt internet security companies like NET!
Hackers appear to target Twitter accounts of Elon Musk, Bill Gates, others in digital currency scam
Over a dozen high-profile Twitter accounts, including Apple, Amazon CEO
Jeff Bezos, Microsoft founder Bill Gates, Democratic presidential
candidate Joe Biden, and former president Barack Obama, were apparently
hacked on Wednesday and posted tweets telling followers to send bitcoin
to a specific address.
Tesla CEO Elon Musk was first high-profile account to be hacked, posting a tweet early Wednesday afternoon promising to double any payments sent to the bitcoin address.
Twitter’s stock dropped over 2% in extended trading. “We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly,” the company said in a tweet.
The Musk tweet was deleted minutes after it was sent, before a second tweet asking for bitcoin was posted from the same account and deleted again. In total, Musk’s account sent at least three bitcoin tweets from a Twitter web account and one reply to Bill Gates. The bitcoin-related tweet was Apple’s first ever tweet, although the account had placed ads in the past.
Other accounts hacked included former New York City mayor Mike Bloomberg, musicians Kanye West and Wiz Khalifa, Berkshire Hathaway chairman Warren Buffett, reality TV star Kim Kardashian, the Cash App corporate account, and Uber’s corporate account.
Rachel Tobac, the CEO of cybersecurity firm SocialProof Security, told NBC News that the attack was likely the largest Twitter had ever seen. “I’m surprised twitter hasn’t gone completely dark to prevent misinformation campaigns and political upheaval,” she said. “We are lucky the attackers are going after bitcoin (money motivated) and not motivated by chaos and destruction.”
Teresa Payton, former White House Chief Information Officer and CEO of Fortalice Solutions, said that she expects Twitter to provide a full report detailing how and why these accounts were hacked. She also warned that information, such as direct messages, may have been stolen from the affected accounts and could be released or used in the future.
“They’re going to need to apologize to the VIPs and to the individuals who were defrauded and fell for the scam,” Payton told CNBC. “The next thing they’re going to need to do is to conduct a thorough and transparent investigation, and they’re going to need to share what they can about who the attackers were and how they pulled this off.”
Kelley Robinson, a security advocate for Authy, a company that provides two-factor authentication, told NBC News that the scale of the attack indicated the hackers had gotten administrative access at Twitter itself. “It’s really unlikely that Bezos, Musk, and especially Biden all had credentials compromised,” she said over Twitter Direct Message.
Mel Shakir, a Managing Director at DreamIt Ventures and a veteran of the IT security industry, said that high-profile users like those attacked on Wednesday should be using as many security options as possible, including biometric authentication like fingerprints, or using hardware keys instead of text messages for two-factor authentication. “Passwords are inherently insecure. But Twitter has provided all the security options that are available,” Shakir said.
Earlier on Wednesday, several cryptocurrency accounts simultaneously linked to a phishing site called CryptoForHealth. Cameron Winklevoss, cofounder of Gemini, a cryptocurrency market, said in a tweet: “ALL MAJOR CRYPTO TWITTER ACCOUNTS HAVE BEEN COMPROMISED.” In the past, one popular cryptocurrency scam on Twitter involved attackers changing their display name and avatar to match Elon Musk, then they would reply to his tweets pretending to be him asking for bitcoin. But on Wednesday, the accounts tweeting about bitcoin were real.
All hacked accounts on Wednesday were verified. The tweets on Wednesday appeared to have been sent through a web browser accessing Twitter.com, not an app or third-party software. Around 3:15 PT, Twitter blocked all verified accounts from tweeting in an attempt to regain control.
Here’s a sampling of the tweets. Many have been deleted.
Tesla CEO Elon Musk was first high-profile account to be hacked, posting a tweet early Wednesday afternoon promising to double any payments sent to the bitcoin address.
Twitter’s stock dropped over 2% in extended trading. “We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly,” the company said in a tweet.
The Musk tweet was deleted minutes after it was sent, before a second tweet asking for bitcoin was posted from the same account and deleted again. In total, Musk’s account sent at least three bitcoin tweets from a Twitter web account and one reply to Bill Gates. The bitcoin-related tweet was Apple’s first ever tweet, although the account had placed ads in the past.
Other accounts hacked included former New York City mayor Mike Bloomberg, musicians Kanye West and Wiz Khalifa, Berkshire Hathaway chairman Warren Buffett, reality TV star Kim Kardashian, the Cash App corporate account, and Uber’s corporate account.
Rachel Tobac, the CEO of cybersecurity firm SocialProof Security, told NBC News that the attack was likely the largest Twitter had ever seen. “I’m surprised twitter hasn’t gone completely dark to prevent misinformation campaigns and political upheaval,” she said. “We are lucky the attackers are going after bitcoin (money motivated) and not motivated by chaos and destruction.”
Teresa Payton, former White House Chief Information Officer and CEO of Fortalice Solutions, said that she expects Twitter to provide a full report detailing how and why these accounts were hacked. She also warned that information, such as direct messages, may have been stolen from the affected accounts and could be released or used in the future.
“They’re going to need to apologize to the VIPs and to the individuals who were defrauded and fell for the scam,” Payton told CNBC. “The next thing they’re going to need to do is to conduct a thorough and transparent investigation, and they’re going to need to share what they can about who the attackers were and how they pulled this off.”
Kelley Robinson, a security advocate for Authy, a company that provides two-factor authentication, told NBC News that the scale of the attack indicated the hackers had gotten administrative access at Twitter itself. “It’s really unlikely that Bezos, Musk, and especially Biden all had credentials compromised,” she said over Twitter Direct Message.
Mel Shakir, a Managing Director at DreamIt Ventures and a veteran of the IT security industry, said that high-profile users like those attacked on Wednesday should be using as many security options as possible, including biometric authentication like fingerprints, or using hardware keys instead of text messages for two-factor authentication. “Passwords are inherently insecure. But Twitter has provided all the security options that are available,” Shakir said.
Earlier on Wednesday, several cryptocurrency accounts simultaneously linked to a phishing site called CryptoForHealth. Cameron Winklevoss, cofounder of Gemini, a cryptocurrency market, said in a tweet: “ALL MAJOR CRYPTO TWITTER ACCOUNTS HAVE BEEN COMPROMISED.” In the past, one popular cryptocurrency scam on Twitter involved attackers changing their display name and avatar to match Elon Musk, then they would reply to his tweets pretending to be him asking for bitcoin. But on Wednesday, the accounts tweeting about bitcoin were real.
All hacked accounts on Wednesday were verified. The tweets on Wednesday appeared to have been sent through a web browser accessing Twitter.com, not an app or third-party software. Around 3:15 PT, Twitter blocked all verified accounts from tweeting in an attempt to regain control.
Here’s a sampling of the tweets. Many have been deleted.
沒有留言:
張貼留言