Krebs: Here’s how all of those Twitter accounts got hacked
Talk about a sobering experience. Yesterday, as I (and about a million others) reported, somebody got hold of the Twitter accounts belonging to Bill Gates, Elon Musk, Jeff Bezos, Apple, Kanye West, Mike Bloomberg, Barack Obama, Joe Biden, Uber, Warren Buffett, and many others. The miscreant started sending out messages asking folks to send them $1,000 in Bitcoin – promising that the luminary would return $2,000.
Brian Krebs tracked down the perp — more accurately, perps — and it makes a fascinating story:
“The way the attack worked was that within Twitter’s admin tools, apparently you can update the email address of any Twitter user, and it does this without sending any kind of notification to the user,” Lucky told KrebsOnSecurity. “So [the attackers] could avoid detection by updating the email address on the account first, and then turning off 2FA.”
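The sequence Lucky describes (an admin-side email change made without notifying the account owner, followed shortly by 2FA being switched off) is exactly the kind of pattern an internal-tools audit log should surface. The script below is an added example written for this post, not code from Krebs, Twitter or the people quoted; the log format, field names and account identifiers are constructed for illustration and do not reflect Twitter's real admin tooling. It parses a few sample audit entries and flags any account where a support-initiated email update is followed by a 2FA disable inside a configurable window, noting whether the email change was silent.

```python
"""Detect the 'silent email change, then 2FA off' takeover pattern in an
admin-tool audit log.  Hypothetical log schema; sample lines are constructed."""
import json
from datetime import datetime, timedelta

# Constructed sample audit log (one JSON object per line).  The actor, action
# and target values are invented for this example.
SAMPLE_LOG = """\
{"ts": "2020-07-15T20:01:10Z", "actor": "support_agent_17", "action": "account.email_update", "target": "user:1001", "notify_user": false}
{"ts": "2020-07-15T20:03:42Z", "actor": "support_agent_17", "action": "account.2fa_disable", "target": "user:1001"}
{"ts": "2020-07-15T20:05:00Z", "actor": "support_agent_17", "action": "account.password_reset_sent", "target": "user:1001"}
{"ts": "2020-07-15T21:10:00Z", "actor": "support_agent_03", "action": "account.email_update", "target": "user:2002", "notify_user": true}
{"ts": "2020-07-16T09:00:00Z", "actor": "support_agent_03", "action": "account.2fa_disable", "target": "user:2002"}
{"ts": "2020-07-15T22:00:00Z", "actor": "support_agent_09", "action": "account.2fa_disable", "target": "user:3003"}
"""

EMAIL_UPDATE = "account.email_update"
TWOFA_DISABLE = "account.2fa_disable"


def parse_log(text):
    """Turn newline-delimited JSON audit entries into dicts with a datetime 'ts'.
    Entries are returned sorted by time so the sequence check below is order-safe."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    events.sort(key=lambda e: e["ts"])
    return events


def find_takeover_sequences(events, window=timedelta(minutes=30)):
    """Flag accounts where an email update is followed by a 2FA disable within
    `window`.  Each finding records both actors so a reviewer can see whether
    the same operator performed both steps, and whether the owner was notified."""
    last_email_change = {}   # target -> most recent email_update event
    findings = []
    for ev in events:
        target = ev["target"]
        if ev["action"] == EMAIL_UPDATE:
            last_email_change[target] = ev
        elif ev["action"] == TWOFA_DISABLE:
            prior = last_email_change.get(target)
            if prior is None:
                continue
            gap = ev["ts"] - prior["ts"]
            if timedelta(0) <= gap <= window:
                findings.append({
                    "target": target,
                    "email_change_actor": prior["actor"],
                    "twofa_disable_actor": ev["actor"],
                    "gap_seconds": int(gap.total_seconds()),
                    # A change the owner was never told about removes their only
                    # chance to react before the second factor is stripped.
                    "silent": not prior.get("notify_user", False),
                })
    return findings


def silent_email_changes(events):
    """List every email update performed without notifying the account owner.
    Policy-wise these should not exist at all; each one deserves review on its own."""
    return [ev["target"] for ev in events
            if ev["action"] == EMAIL_UPDATE and not ev.get("notify_user", False)]


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for f in find_takeover_sequences(evs):
        print("ALERT takeover pattern:", f)
    print("silent email changes:", silent_email_changes(evs))
```

With the default 30-minute window only `user:1001` is reported (email changed silently, 2FA off two minutes later by the same agent); `user:2002` has the same two actions but almost twelve hours apart and with the owner notified, so it only surfaces if the window is widened. The stronger fix is upstream: refuse silent contact-detail changes in the admin tool and impose a cooling-off period before 2FA can be removed after one, so the detection above becomes a backstop rather than the only control.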
This Twitter hack could have let the attackers view the direct messages of anyone on Twitter, information that is difficult to put a price on but which nevertheless would be of great interest to a variety of parties, from nation states to corporate spies and blackmailers.
There were multiple people involved in the Twitter heist.
In short, if you rely on mobile-phone SMS to verify a logon to an account, you could get slammed. Normal people don’t have to worry about it yet. But high-profile accounts are definitely in the crosshairs, and it’s probably just a matter of time before SMS-based hijacking becomes more pedestrian.