by Graham Cluley
More information has emerged related to last week’s attack which saw a number of high-profile Twitter accounts hijacked for the purposes of spreading a cryptocurrency scam.
Twitter has already said that 130 Twitter accounts were targeted by hackers, using tools that should only have been available to the site’s internal support team. Those tools allowed attackers to reset passwords, log in to accounts, and send tweets like this sent from @BarackObama:
Other accounts which sent out similar tweets included ones belonging to presumptive US Presidential Candidate Joe Biden, Elon Musk, Amazon founder Jeff Bezos, Bill Gates, Kanye West, Uber, Coinbase, and Apple.
Followers of the accounts were told that all they had to do was send Bitcoins to a cryptocurrency wallet in order to have their funds doubled. Obviously, the offer was too good to be true, and over $100,000 is thought to have been sent to the scammers by unwary Twitter users.
As I wrote last week, affected Twitter users had more to worry about than just their accounts being exploited by criminals for the purposes of spreading a scam.
A bigger potential concern was that if someone had managed to gain access to a Twitter account, they would also be able to read private messages (known as direct messages or DMs in Twitter parlance) sent from and received by those accounts.
Such information could – if it fell into the wrong hands – be used to blackmail or put pressure on someone who did not want their private communications to be made public.