Twitter hackopalypse. Major Twitter hack leaves 1000's of influential accounts blocked with ransomware-like demands (or get rich quick schemes)

It was 3am here when this happened. I kept refreshing the BTC Explorer with the address of Scammer.

Dude gained 100k USD within 1 hour. Some guy sent 4.5 BTC. Feeling sad for him.

1 Like

Wow :frowning:
I smell some lawsuits coming up against Twitter.

I was doing the same. I am sorry for the people but I don’t understand how can someone be that stupid.

SMART analytics company registered the hacker’s bitcoin address .com

bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh.com

And gave themselves a nice backlink that prob will get them some nice leads.

It had 6k visitors in the last 24 hours.

6 Likes

Wow !!

Lol
image

3 Likes

Yeah. If I remember correct.

It was sent right after the Scam Post was made on official Apple Account.

Can’t believe I’m saying this but Yair is right, the hacker could have done so much more damage to Apple & Twitter stock just by tweeting some nonsense about the CEO

1 Like

Is the hacker done? Im still not verified.

This was definitely a well coordinated attack.

I dont see how someone got an access to the admin panel just like that.

Even if you get login details of a such a high level admin access … you’d still have to be able to pass a ton of security measures in place. Wouldn’t they have a private login link, a firewall in place, an IP location detector that cancels logins from unknown locations and devices. Weird.

And this was definitely an attack towards the platform itself.

I’m sure the hackers got a lot of info too. Logins of all the accounts. And these would be sold on black market for a fat price soon.

Reminds me of when this happened to IG. You could buy mobile numbers of any account for some $5 on the dark web.

1 Like

Internal systems and tools are only accessible through a VPN connection through tokens that are only given out to Twitter employees, and are in most cases also tied to their GSuite Twitter[dot]com email address. I don’t know how accurate this is exactly, but from what I’ve read, someone managed to hijack an access token directly into their Account Discovery system (which apparently is ran through “Birdbox”/Salesforce).

This just goes to show that no websites and no systems are secure.

And for those wondering why Trump’s account wasn’t affected, it’s because his account is protected on another level. This happened after his account was suspended by a rogue employee on their last day in 2017.

It looks like things are back on track with Twitter, but I’m guessing that access to similar tools will be limited for all employees for a while moving forward.

10 Likes

Ironically if someone had tweeted from Trump’s it would have been more believable than all of the others put together - especially if they had put it in his wording…

‘I’m going to give out Bitcoin, it’ll be the best Bitcoin you’ll ever have, Bitcoin like no other country has. Bitcoin paid for by Mexico. Sleepy Biden uses Ethereum, typical liberal.’ :smile:

7 Likes

“But if you are from CHINA you won’t get any!”

3 Likes

14 Likes

Salesforces time has come

Post Must Be At Least 3 Characters
:rofl: :rofl: :rofl:

They got arrested today

https://www.justice.gov/opa/press-release/file/1300246/download

From page 12 it’s pretty interesting