Social media giant Twitter is scrambling to fix a major hacking of its system that has seen fake messages posted to some of the most-followed accounts in the world.
Among those targeted on Wednesday were former US President Barack Obama, Democratic presidential candidate Joe Biden and a number of tech billionaires including Amazon CEO Jeff Bezos, Microsoft co-founder Bill Gates and Tesla CEO Elon Musk.
The unidentified hackers broke into the high-profile accounts in a scam apparently designed to lure people into sending money to an anonymous bitcoin account.
Here is what we know so far:
Twitter says it is still investigating but believes it fell victim to “a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools”.
“Social engineering” describes fraudsters trying to manipulate their targets into divulging confidential information. The network’s admission means that even IT-savvy staff at one of the world’s best known internet companies are not immune.
“Tough day for us at Twitter,” CEO Jack Dorsey said.
“We all feel terrible this happened. We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.”
Citing web screenshots and two anonymous sources apparently behind the hack, Vice reported that a Twitter insider was responsible. One of the sources told the media group they had paid the employee.
“That (Vice report) is deeply troubling as these platforms have such influence,” said Professor Alan Woodward, of the Centre for Cyber Security at the University of Surrey in Britain.
“It maybe suggests that no one person should be able to use these internal tools: it’s more difficult to bribe four eyes than two,” he told AFP news agency.
What has the impact been?
So far, limited. Twitter reacted quickly to deactivate the targeted accounts, delete the hoax messages and stop their onward transmission.
The fake posts said people had 30 minutes to send $1,000 in bitcoin to receive twice as much in return.
A total of 12.58 bitcoin – worth almost $116,000 – were sent to email addresses mentioned in the fraudulent tweets, according to Blockchain.com.
Ina Fried, chief technology correspondent at Axios, told Al Jazeera “this was all about opportunity”.
“Very high profile people reach a lot of people very quickly; bitcoin is something that can be turned into cash very quickly, anonymously – so I think somebody found a very clever way to extract a lot of money from people in a very quick amount of time.”
Gerome Billois, Paris-based cybersecurity expert for the consultancy Wavestone, said early indications were that “at least one person has in recent days been trying to hawk access to individuals’ certified accounts on the dark web, without success”.
“It seems therefore that they decided to exploit the accounts themselves to try to make a quick buck,” he said.