Several famous Twitter accounts were hacked on Wednesday when hackers successfully accessed the accounts of Barack Obama, Joe Biden, Elon Musk, Bill Gates and Kim Kardashian, as well as some accounts of famous companies such as Apple and Uber.
By hacking these accounts, hackers have deployed a fraud to collect bitcoin currency from followers, by asking them to send bitcoin to a specific wallet address and promising them to double the amount.
Twitter said on Friday that it believed 130 accounts were affected by piracy, and later that day in a post on its blog, Twitter provided some details.
"Until now, we know that they have only accessed the tools available to our internal support teams to target 130 Twitter accounts. For 45 of these accounts, attackers were able to start password reset, log into the account and send tweets," she added.
What is the secret of the eight accounts?
Twitter explains that among the 130 hacked accounts, there are eight accounts that hackers have completely downloaded their data with a Twitter tool that allows users to download all data related to their account, including their private messages.
And Twitter pointed out that among these eight accounts there is no account defined and registered as an account - the accounts that are the accounts that Twitter is sure of the identity of its owner - which indicates that they may not have been any of the celebrity accounts or prominent companies that published the Bitcoin fraud.
However, some of the hacked accounts were popular, but they were unverified accounts (for example TheTweetOfGod common).
Twitter did not provide details of the accounts or what they have in common. Several reports have linked the attack to a community of obsessed hackers with what are called "ultra-short" Twitter accounts (OGs).
“OG” stands for Original Gangster and Handel is the Twitter account symbol (@), and examples of these acronyms are sold in millions (@ joe @ 333).
Cyber security expert Brian Krebs said on his KrebsOnSecurity website that hours before the Twitter fraud was launched on Wednesday, a few shortened Twitter accounts had been hijacked.
He explained that among them was the account of the famous deceased hacker Adrian Lomo "@ 6", who was known as the homeless hacker, the hacker who was famous for the role in which he helped pass information that led to the arrest of Chelsea Manning, the American soldier who was imprisoned for being involved in leaking WikiLeaks documents.
These accounts were offered for sale in the lower internet community with large amounts of money before breaching celebrity accounts, noting that sellers are not responsible in case these accounts are later withdrawn.
Many pirates prefer these accounts, and there is an obsession for buying them and boasting about them, just as the case with the distinctive numbers in cars.
The "New York Times" confirmed this hypothesis when the information gathered by the newspaper led to the exclusion of the hypothesis that a known state or group of pirates stood behind the attack.
The newspaper said the hack was carried out by a "youth group", one of whom said he was still living with his mother, and they met because of their obsession with hard-to-get usernames.
Selling names
The hackers whom the New York Times spoke to confirmed that they participated in hacking into the accounts of people who are not top celebrities, but some people are seeking to obtain the names of their users, and they were trying to sell those names in exchange for Bitcoin.
Usernames, for example, consist of a single letter or number, which constitutes an indication that its owner is one of the first users of the site.
And Twitter, immediately after publishing this report, limited these accounts and suspended them completely, to discover that the hackers saved all correspondence and conversations in these accounts before they were offered for sale.
Twitter did not explain what was the motive behind the process, but confirmed that the hackers were able to access an internal tool for the company by using a "coordinated social engineering attack."
Social engineering is a term that means hackers manipulate, deceive, or persuade their goal to hand over access to the system, rather than technically penetrate.
"The attackers successfully manipulated a small number of employees and used their powers to access internal Twitter systems, including bypassing two-factor protection measures," Twitter said on its blog on Friday, and Twitter did not mention how the personnel were tampered with.
Motherboard reported that a source involved in the hacking alleged that the attackers paid a bribe to a Twitter employee.
Twitter said it will implement additional training to protect against social engineering.
She notes that she is still investigating the attack and working with law enforcement, and that the FBI is looking into the breach.
She also confirmed that she was also restoring access to account holders who had been locked while seeking to retake the situation.
It appears that at least one affected account has returned to its owner, as Elon Musk began to Twitter again from his account late Friday.