The Twitter Hack May Have Been an Inside Job

twitter hack
Image: Twitter

Several high profile Twitter accounts were used in a bitcoin scam earlier today. It has now been discovered that the Twitter hack may have been partially internal.

The Twitter Hack

On Thursday the Twitter accounts of Apple, Bill Gates, Elon Musk and other celebrities were hacked. All of the accounts began tweeting out a scam that implored people to send bitcoin, promising they would be sent double the amount back. This was followed by a link to a blockchain wallet.

Within a few hours Twitter stopped all verified accounts from tweeting while it investigated the situation.

What happened?

Since then, the social media giant has revealed that an internal tool was used in the Twitter hack.

“We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools,” the Twitter Support account said.

“Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues.”

And this makes sense. A simultaneous attack on multiple high profile accounts indicates that an internal tool was probably utilised. After all, many individual accounts often have two-factor-authentication toggled on.

Twitter is yet to elaborate further. However, its wording suggests that multiple hackers were involved and several Twitter employees were targeted. It also implies the employees were victims.

A report by Motherboard suggests otherwise. According to the publication it has spoken to the hackers responsible for the hacker, and they are saying an insider was willingly involved.

“We used a rep that literally done all the work for us,” a source said to Motherboard. Apparently that work involved a Twitter employee using an admin tool to change email addresses attached to certain accounts.

Motherboard was also shown screenshots of the internal tool. Similar screenshots were circulating on Twitter but have since been removed for violating Twitter’s terms of service.

The picture is also said to be doing the rounds in hacker communities.

A screenshot of the alleged tool that was used to hijack Twitter users’ accounts on Thursday. Image: Motherboard.

A second source also reportedly said that a Twitter employee was paid for their assistance.

According to Motherboard, Twitter said it is still investigating where the truth lies. At the present time its not entirely clear whether it was partially an inside job or not.

At the time of writing one of the primary blockchain wallets involved in the scam has $169,000 worth of bitcoin go through it. Almost all of it has already been sent out of it.

We’ll update this story when more information comes to light.