Twitter suffers worst security breach in network's history
On July 15th, 2020, the massive short-form social network Twitter experienced its worst ever breach, with multiple high profile verified accounts, such as those belonging to Apple, Microsoft Founder Bill Gates, and former United States President Barack Obama, posting links to cryptocurrency scams disguised as charitable endeavors.
Once the issue had become widespread and tens of thousands of U.S. dollars worth of cryptocurrency had already been siphoned, Twitter managed to disable posting functionality for all verified accounts on the service. The Verge's Senior Editor Tom Warren noted that over $50,000 USD across over 200 individual transactions were given to the bitcoin address in Bill Gates' and Elon Musk's Twitter accounts alone.
In a Twitter Support postmortem, the team gave the following statement:
"We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.
We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it."
One of the most alarming facts of this attack is the fact that most of the accounts that were hacked were secured by 2-factor authentication, meaning that Twitter's internal systems were able to manipulate account access on any account, even those for reputable brands and public figures. Twitter concluded its current status update by stating that it is taking "significant steps" to ensure access to internal tools is limited while they investigate the root cause of this breach.