Is Twitter compromised? The bitcoin scam and the questions raised

Numerous accounts, including that of Tesla CEO Elon Musk, were hijacked on Wednesday

Twitter CEO Jack Dorsey | PTI

Twitter, on Thursday, apologised after the accounts of some of the most high-profile users of the platform were hijacked and used to solicit bitcoins and digital currency. The hack was reported late on Wednesday. In a sign of the magnitude of the problem, Twitter, for a short while, prevented some verified accounts from tweeting altogether.

The Verge reported that the chaos began when Tesla CEO Elon Musk’s Twitter account was compromised by a hacker intent on using it to run a bitcoin scam; the scammer solicited bitcoins, posting a wallet address. Similar tweets then spread like wildfire across verified Twitter accounts. According to Twitter, the hijacked verified accounts included those of US presidential candidate Joe Biden, reality television show star Kim Kardashian, former US president Barack Obama, Amazon founder Jeff Bezos, investor Warren Buffett, Microsoft co-founder Bill Gates, and rapper Kanye West, as well as the corporate accounts for Uber and Apple.

Reuters reported that publicly available blockchain records show that the apparent scammers have already received more than $1,00,000 worth of cryptocurrency. 

Twitter CEO Jack Dorsey wrote: “Tough day for us at Twitter. We all feel terrible this happened. We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.” Product chief Kayvon Beykpour wrote: “Our investigation into the security incident is still ongoing but we’ll be posting updates from @TwitterSupport with more detail soon. In the meantime, I just wanted to say that I’m really sorry for the disruption and frustration this incident has caused our customers.”

Speaking to Reuters, some experts raised the possibility that the hackers had accessed Twitter's internal infrastructure. "It is highly likely that the attackers were able to hack into the back end or service layer of the Twitter application," said Michael Borohovski, director of software engineering at security company Synopsys. "If the hackers do have access to the backend of Twitter, or direct database access, there is nothing potentially stopping them from pilfering data in addition to using this tweet-scam as a distraction," he said.

There are questions about whether the hackers gained admin access on Twitter. VICE Media's Motherboard reported that underground hacking circles were sharing screenshots of an internal Twitter administration tool allegedly used to take over the high-profile verified accounts.

The company has yet to share complete details of the hack and its magnitude.