Twitter Bitcoin Hack: Everything Company Has Said After Claim of Employee Involvement

Twitter's security team says "significant steps" have been taken to limit access to its backend systems after an unprecedented cyberattack.

The social networking giant suffered a major hack overnight as a series of high-profile accounts—including Elon Musk, Apple, Joe Biden, Bill Gates and Jeff Bezos—were compromised to spread a cryptocurrency scam to millions of followers.

The graphic below, provided by Statista, highlights the largest accounts affected by the hack.

Twitter Hack Statista
Number of followers of the largest Twitter accounts compromised in the July 15 hack. Statista

The scam itself is not new—the scale, however, was on a far greater level than ever seen before. The culprits who orchestrated the attack are unknown at the time of writing, but Twitter has released information giving its perspective on the intrusion.

The explanation came after technology website Motherboard reported a "Twitter insider" was potentially involved in the incident, which had been spearheaded with the use of an internal tool, based on screenshots that were circulating on social media.

One source claiming involvement in the takeover scam told Motherboard the insider had been paid for access, but the claim has not been independently verified.

In a statement, Twitter said that it detected a "coordinated social engineering attack" by "people who successfully targeted some of our employees with access to internal systems and tools," indicating more than one person was responsible.

The platform's preliminary investigation has confirmed that access was abused to "take control of many highly-visible accounts" and post updates on their behalf. It is clear the probe is far from over. What is unclear is the scope and scale of the attack.

Twitter said: "We're looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.

"Once we became aware of the incident, we immediately locked down the affected accounts and removed Tweets posted by the attackers. We also limited functionality for a much larger group of accounts, like all verified accounts (even those with no evidence of being compromised), while we continue to fully investigate this.

"This was disruptive, but it was an important step to reduce risk. Most functionality has been restored but we may take further actions and will update you if we do.

"We have locked accounts that were compromised and will restore access to the original account owner only when we are certain we can do so securely. Internally, we've taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues."

Twitter boss Jack Dorsey described it as a "tough day" for the company. "We all feel terrible this happened," he tweeted. "We're diagnosing and will share everything we can when we have a more complete understanding of exactly what happened."

Many key questions remain unanswered: how long did the hackers have access to the compromised accounts, what other information was put at risk, why did it take so long for Twitter to respond to the wave of takeovers and, ultimately, what happens now?

Twitter Jack Dorsey
Twitter chief executive officer Jack Dorsey testifies during a Senate Intelligence Committee hearing concerning foreign influence operations' use of social media platforms, on Capitol Hill, September 5, 2018 in Washington, DC. Drew Angerer/Getty

Update 7/16/20: This article was updated to include an infographic.