Hackers took over Twitter after 'a coordinated social engineering attack' on employees

The accounts of Jeff Bezos, Tim Cook, Bill Gates, Elon Musk, Joe Biden and many more were compromised. But a lot of unanswered questions remain.

"You may be unable to Tweet or reset your password while we review and address this incident," tweeted the official Twitter Support account.

Twitter acknowledged Wednesday evening that a third party was able to target its employees with "social engineering" techniques to gain control of the accounts of some of its most prominent users, uncorking a Bitcoin scam and sending the internet into a tizzy for several hours.

"We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools," Twitter said through its Twitter Support account hours after the first hijacked tweets were sent. "We know they used this access to take control of many highly visible (including verified) accounts and Tweet on their behalf."

The accounts of Jeff Bezos, Tim Cook, Bill Gates, Elon Musk, Joe Biden, Kanye West, Kim Kardashian-West and a number of other major figures in tech, media and politics began tweeting out the same message midafternoon on the West Coast, urging their combined tens of millions of followers to donate thousands of dollars in Bitcoin to a mystery account.

Shortly thereafter, verified users lost the ability to post. Unverified users began celebrating with tweets and GIFs. "The revolution will be unverified," one Twitter user wrote.

The block on verified accounts prevented major news organizations, federal agencies, police departments and state governments from tweeting out information.

Most of the messages, which began with the phrase "I am giving back to the community," promised to double the donations of anyone who sent Bitcoin to a particular wallet. Within hours, more than 300 people had sent more than $110,000.

More than an hour after the hacks began, scam tweets were still being sent from the accounts of additional celebrities. "We have locked accounts that were compromised and will restore access to the original account owner only when we are certain we can do so securely," Twitter Support said late Wednesday.

A key question Twitter will need to answer in the coming days and weeks is not just how this breach occurred, but also how much access the hackers had to those users' accounts. The collateral damage could be infinitely larger, for instance, if the hackers had a window into these people's direct messages.

"Internally, we've taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues," Twitter Support said late Wednesday.

The Biden campaign told Protocol in a statement, "Twitter locked down the account immediately following the breach and removed the related tweet. We remain in touch with Twitter on the matter." The campaign didn't immediately respond to a question about whether it had two-factor authentication enabled.

Shortly after the breach, Republican Sen. Josh Hawley of Missouri sent a letter to Twitter CEO Jack Dorsey demanding answers about the scope of the damage and asking Dorsey to contact the Department of Justice and the Federal Bureau of Investigation for help looking into the matter. "I am concerned that this event may represent not merely a coordinated set of separate hacking incidents but rather a successful attack on the security of Twitter itself," the letter reads. "A successful attack on your system's servers represents a threat to all of your users' privacy and data security."

Twitter CEO Jack Dorsey addressed the hack in a tweet earlier Wednesday evening, but it didn't explain much. "Tough day for us at Twitter," Dorsey wrote. "We all feel terrible this happened. We're diagnosing and will share everything we can when we have a more complete understanding of exactly what happened." He ended with a blue heart emoji for "our teammates working hard to make this right."

Update: This post was updated at 8:15 p.m. PT with more information from Twitter Support.
