Best daily deals

Affiliate links on Android Authority may earn us a commission. Learn more.

Here's how all those high-profile Twitter accounts got hacked

Twitter says an internal tool was used to hack accounts and spread the crypto scam. Here's how it all went down.
By
July 16, 2020
Twitter for Android App Icon Logo
Eric Zeman / Android Authority
TL;DR
  • Twitter says an internal tool was used to hack high-profile accounts.
  • Hackers apparently used the tool to change email addresses associated with affected accounts.
  • Twitter is working to restore all hacked accounts but has locked access to them for now.

The massive Twitter breach of high-profile accounts belonging to celebrities, politicians, trillion-dollar companies, and other public figures has taken the internet by storm. Twitter has been hacked several times before, but not at such an unprecedented scale involving a simultaneous attack on major accounts.

So how did hackers manage to pull off this large-scale attack on one of the most popular social media platforms? Twitter now has an answer.

The company has confirmed that its own internal admin systems and tools were exploited by hackers to gain access to popular accounts.

“We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools,” Twitter wrote in a threaded tweet explaining what happened. “We know they used this access to take control of many highly-visible (including verified) accounts and tweet on their behalf.”

You can read the entire tweet thread below.

Our investigation is still ongoing but here’s what we know so far:
— Twitter Support (@TwitterSupport) July 16, 2020

Twitter breach: Who was responsible?

Twitter’s statement seems to suggest that several people were involved in the hack. However, a TechCrunch report from earlier today claims that the attack was masterminded by a hacker who goes by the name Kirk. Sources tell the publication that Kirk made over $100,000 in just a few hours after gaining control of the internal Twitter tool.

The hacker used this admin tool to reset the email addresses associated with affected accounts and subsequently pushed out the dubious crypto scam message. Check out the screenshot of the exploited Twitter tool below.

Meanwhile, a report by Motherboard claims that a Twitter employee was responsible for this mess. Two sources who were involved in the breach told the outlet that a company insider was integral to the hacks and that they were paid for the job.

Twitter, however, hasn’t confirmed this. A spokesperson told Motherboard that the platform is still investigating the issue. The company is unsure if an employee hijacked the accounts or gave hackers access to the admin tool.

Whatever may have happened, Twitter is surely going to bear the brunt of this latest breach for a long time to come. It also saw a slide in stock prices because of the high-profile hacks and could face added scrutiny from authorities going forward.

For now, Twitter has locked all affected accounts and will only give owners access once they can be restored safely.

“Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues,” the company stated in its last post on the support channel.


Interested in reading more about online security and privacy? Check out these links below.