• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

Twitter Suffers Major Security Breach

July 15, 2020 By Marc Laliberte

Big red lock

Updated 07-16-2020 to include information gained by Vice’s Motherboard

Twitter suffered what appeared to be a major breach midway through the day today when dozens of high-profile accounts ranging from former president Barack Obama to Apple in an attempt to peddle a bitcoin scam. Many of these accounts were protected using multi-factor authentication, indicating the attacker either had an inside connection at Twitter or exploited a vulnerability in the platform or a connected app.

Vice’s Motherboard appears to have confirmed through several sources that the attackers gained access to an internal administrative control panel by paying a Twitter employee. If this is indeed the case, it makes this incident the most prominent example of insider threats in recent history.

Apple Tweet

Most of the compromised accounts showed a similar message, promising to double any Bitcoin sent to a wallet address posted in the message. One of the wallets associated with the scam has so far received over $100,000 in Bitcoin today alone, indicating the attackers have been enjoying success. At around the same time as the compromises targeting major individuals and corporate accounts, nearly every cryptocurrency-related twitter account posted a similar scam advertising a fictitious fund called CryptoForHealth.

At this time, Twitter has not confirmed how the cybercriminals managed to compromise so many accounts. Twitter has remained quiet so far, telling press only that they are “looking into” the issue. So far, all of the compromised accounts were relatively high-profile individuals and companies. That said, you should still monitor your account for any unauthorized access or posts until Twitter publicly discloses the cause of the breach.

Associated Bitcoin wallets and funds received (updated: 16:27 PDT 07-15-2020)

AddressBTC ReceivedUSD Ammount
bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh12.86$118,482
bc1q0kznuxzk6d82e27p7gplwl68zkv40swyy4d24x0.178$1,639
38wUJKDfyio7cjmbafRjJudizdhAev1PF400
1Aaqkcac8oit7rSuYpHkwvRECzqZYJNw4d00
1CZXVq7hCSQxhGykzr92sUvKWDZYrRHnRL00

Share This:

Related

Filed Under: Editorial Articles

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
  • US National Cybersecurity Strategy
  • Here Come The Regulations
  • Cybersecurity’s Toll on Mental Health

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • Cybersecurity News: LastPass Incident Revealed, White House Issues Cybersecurity Strategy, FBI Purchases Leaked USHOR PII Data, and a Slew of Other Breaches
  • An Update on Section 230
  • Here Come The Regulations
  • US National Cybersecurity Strategy
  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use