We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.
— Twitter Support (@TwitterSupport) July 15, 2020
A number of high-profile Twitter accounts have been simultaneously hacked by attackers to spread a cryptocurrency scam, according to a report by Tech Crunch.
Twitter has responded to the incident on Wednesday. “We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly,” Twitter Support said in a tweet, adding that users may be unable to tweet or reset passwords while they review and address the incident, Xinhua reported.
The scammer’s website was quickly pulled offline. Kristaps Ronka, chief executive of Namesilo, the domain registrar used by the scammers, told Tech Crunch that the company suspended the domain “on the first report” it received.
The accounts being hacked included technology company @Apple, ride-hailing company @Uber, Democratic presidential candidate @joebiden, Former president @BarackObama, Amazon co-founder @jeffbezos, Tesla and SpaceX founder @elonmusk, Microsoft founder @billgates, and legendary investor @WarrenBuffet. Some of the accounts were quickly back under their owners’ control and the tweets sent out when those accounts were compromised were quickly deleted, the report said.
According to the report by Tech Crunch, security researchers found that the attackers had fully taken over the victims’ accounts, and also changed the email address associated with the account to make it harder for the real user to regain access.
Tech Crunch said in the report that these kinds of scams are common. Scammers take over high-profile Twitter accounts using breached or leaked passwords and post messages that encourage users to post their cryptocurrency funds to a particular address under the guise that they’ll double their “investment”.