A wave of tweets from apparently hacked accounts swept through Twitter on Wednesday, with more than half a dozen high-profile accounts – belonging to U.S. presidential candidate Joe Biden, Microsoft co-founder Bill Gates, former U.S. President Barack Obama, Israeli prime minister Benjamin Netanyahu and rapper Kanye West, among others – used to solicit bitcoin donations.
Some of the tweets were swiftly deleted but there appeared to be a struggle to regain control of the accounts. In the case of billionaire Tesla Chief Executive Elon Musk, for example, one tweet soliciting cryptocurrency was removed and, sometime later, another one appeared, and then a third.
Among the others affected: Amazon founder Jeff Bezos, Berkshire Hathaway chief executive Warren Buffett, Bloomberg LP co-founder Michael Bloomberg, reality television personality Kim Kardashian-West and the corporate accounts for Uber and Apple. Several accounts of cryptocurrency-focused organizations were also hijacked.
Biden’s campaign was “in touch” with Twitter, according to a person familiar with the matter. The person said the company had locked down the Democrat’s account “immediately following the breach and removed the related tweet.”
Twitter took the extraordinary step of temporarily preventing at least some verified accounts from publishing messages altogether for several hours. It said it would restore access only when it was certain it could do so securely.
It was not clear whether all verified users were affected but, if so, it would have a huge impact on the platform and its users. Verified users include celebrities, journalists, and news agencies as well as governments, politicians, heads of state and emergency services.
Twitter said employees with access to its internal systems had been successfully targeted by hackers who “used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf.”
“We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it,” the company said.
Chief Executive Jack Dorsey earlier said the company was diagnosing the problem and pledged to share “everything we can when we have a more complete understanding of exactly what happened.”
“Tough day for us at Twitter. We all feel terrible this happened,” he said in a tweet.
The unusual scope of the problem suggested that it was not limited to a single account or service. While account compromises are not unusual, experts were surprised at the sheer scale and coordination of Wednesday’s incident.
Some experts said the incident has raised questions about Twitter’s cybersecurity.
“It’s clear the company is not doing enough to protect itself,” said Oren Falkowitz, former CEO of Area 1 Security.
“This appears to be the worst hack of a major social media platform yet,” said Dmitri Alperovitch, who co-founded cybersecurity company CrowdStrike.
Alperovitch, who also chairs the Silverado Policy Accelerator, said that, in a way, the public had dodged a bullet so far.
“We are lucky that given the power of sending out tweets from the accounts of many famous people, the only thing that the hackers have done is scammed about $110,000 in bitcoins from about 300 people,” he said.
Some experts said it seemed probable that hackers had access to Twitter’s internal infrastructure.
“It is highly likely that the attackers were able to hack into the back end or service layer of the Twitter application,” said Michael Borohovski, director of software engineering at security company Synopsys.
“If the hackers do have access to the backend of Twitter, or direct database access, there is nothing potentially stopping them from pilfering data in addition to using this tweet-scam as a distraction,” he said.
Altogether, the affected accounts had tens of millions of users.
Twitter said it was investigating what it called a “security incident”. Shares in the social media company tumbled almost 5 percent in trading after the market close before paring their losses.
Publicly available blockchain records show that the apparent scammers have already received more than $100,000 worth of cryptocurrency.