Joe Biden, Elon Musk, Jeff Bezos and other high-profile Twitter account holders were the targets of a widespread hack to offer fake bitcoin deals on Wednesday in one of the most pronounced security breaches on a social media site.
Accounts for former president Barack Obama, Microsoft co-founder Bill Gates, musician Kanye West and both Uber and Apple also posted similar tweets, all instructing people to send cryptocurrency to the same bitcoin address. The tweets were removed throughout the afternoon, shortly after being posted.
There have been hacks of high-profile individual accounts on Twitter before, including Twitter chief executive Jack Dorsey last year. But the widespread nature of this attack suggested an unusually broad access to internal controls. While it was unclear how the attacks originated or why they went on for hours, some cybersecurity experts speculated that someone may have gained access to internal Twitter controls that allowed them to take over and post on the accounts.
The attack also partially shut down the network. Twitter said in a tweet on Wednesday afternoon that some users weren’t able to tweet while it was addressing the incident. Users with the check mark indicating that their accounts were verified by Twitter reported that they weren’t able to tweet.
Twitter started letting verified accounts tweet again Wednesday night but warned the “functionality may come and go” as it worked on a fix to the breach. Later the same night, Twitter chief executive Dorsey tweeted that the company was “diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.” He called it a “tough day” at Twitter.
The breach will create major optics challenges for Twitter, and it will make it more challenging moving forward to verify the authenticity of messages on the service, cybersecurity experts warned. That could have wide-reaching implications for politicians, celebrities and brands that use Twitter as an essential channel for communication.
Cybersecurity experts warned that this type of breach, where influential accounts are taken over, could have devastating effects if used for something more dangerous than to take money from unsuspecting users. The consequences could be greater if it involved an account like Trump’s or spread misinformation on some type of global security threat.