Twitter's Tough Day. What Happened?

A hacker accessed Twitter's internal systems and made away with $100,000 in Bitcoin in minutes.

According to TechCrunch, the cybercriminal goes by the name of "Kirk" amongst the hacker community. It appears "Kirk" gained internal admin access by Social Engineering some Twitter employees.

"Kirk" initially tried to sell stolen Twitter handles. Those one-letter "@'s" are worth some good money!

When that didn't produce enough revenue, "Kirk" changed his approach. This is when he started posting the now-infamous tweet on several high profile accounts. These tweets went out from the likes of Bill Gates, Barack Obama, Elon Musk and others.

The hacker put in his own Bitcoin (BTC) address, so all payments went directly to "Kirk." And it turns out, over 300 people fell for the scam, providing him with a tidy $115,000 in minutes.

Twitter Co-Founder and CEO, Jack Dorsey after the July 15 attack.

It was a very tough day, for sure! The above is from Twitter's CEO Jack Dorsey.

And it could be tough days ahead for the rest of us. Especially as we enter election season in the US. This adds to recent privacy concerns over at TikTok.

Twitter occupies a critical role in disseminating news and information from high profile individuals. You'd have to be living under a rock to miss Trump's tweets, after all.

“Russia’s most dangerous play is how do you inflict the maximum amount of chaos on Election Day. They want to further erode confidence in democracy, and this is emblematic of a way they can do that.”

We don't know if "Kirk" is associated with any nation-state. Either way, this illuminates the path for disinformation and fake news. In fact, there are even cybercriminal cartels and hackers-for-hire.

And let's loop back to the top, where Twitter Support highlighted Social Engineering as the attack vector. The most common form is Phishing, and your team needs to be aware of all forms of Social Engineering.

Are you ready to take action?
We make it easy to protect your team from attacks just like this one. Find out how to protect your team with INFIMA's Automated Security Awareness platform.

To get a quote, set up a call with our (non-pushy) team here!

Original articles here, here and here.