Twitter Cypto Hack (Ongoing right now)

ESPImperium

It's a hack, they have found a vulnerability at the heart of Twitter's God mode that can control all Tweets/Accounts.

Intel i9 9900X | EVGA X299 Micro 2 | Asus GTX 1070 Strix Gaming 8GB | G.Skill 32GB DDR4 (4X8GB) 3200 | EVGA 280mm CLC

Seasonic 1300w Focus Gold | Samsung 500GB 970 EVO

WD Black 2TB/WD Black 1TB (X2)/Seagate 4TB Ironwolf/Crucial 1TB P1/Crucial MX500 500GB/Samsung 1TB QVO

Phanteks Entho Evolve MATX

Samsung LS29E790C 29 Inch Monitor | LG 24UD58 24 inch 4K UHD

Coolermaster Master Keys Pro RGB (Cherry MX Brown)

Logitech G700s

Razer Leviathan

 

 


1 minute ago, ESPImperium said:

It's a hack, they have found a vulnerability at the heart of Twitter's God mode that can control all Tweets/Accounts.

Source? or are you an employee or something? 

 

This is kinda interesting

Either @piratemonkey or quote me when responding to me. I won't see otherwise

Put a reaction on my post if I helped

My privacy guide | Why my name is piratemonkey PSU Tier List Motherboard VRM Tier List

What I say is from experience and the internet, and may not be 100% correct


I didn't know Elon Musk, Bill Gates, and Jeff Bezos all use the same bitcoin wallet


This is shaping up to be the biggest security compromise in Twitter ever. Or perhaps this is another case like the self-retweeting tweet, where the problem is in some app that interfaces with Twitter being used by all of these people who got hacked. I really hope we get info on how this happened once it's fixed.

¯\_(ツ)_/¯

 

 

Desktop:

Intel Core i7-11700K | Noctua NH-D15S chromax.black | ASUS ROG Strix Z590-E Gaming WiFi  | 32 GB G.SKILL TridentZ 3200 MHz | ASUS TUF Gaming RTX 3080 | 1TB Samsung 980 Pro M.2 PCIe 4.0 SSD | 2TB WD Blue M.2 SATA SSD | Seasonic Focus GX-850 Fractal Design Meshify C Windows 10 Pro

 

Laptop:

HP Omen 15 | AMD Ryzen 7 5800H | 16 GB 3200 MHz | Nvidia RTX 3060 | 1 TB WD Black PCIe 3.0 SSD | 512 GB Micron PCIe 3.0 SSD | Windows 11


Also @ESPImperium you spelled crypto wrong. 


Just now, BobVonBob said:

This is shaping up to be the biggest security compromise in Twitter ever. Or perhaps this is another case like the self-retweeting tweet, where the problem is in some app that interfaces with twitter being used by all of these people who got hacked. I really hope we get info on how this happened once it's fixed.

It's probably not as complicated as people are making it out to be. One of three possibilities comes to mind:

a) It's an inside job, eg someone inside was hacked and/or a twitter employee was partially responsible

b) Twitter API hack, likely something like tweetdeck that is managed by a social media manager got hacked

c) Twitter API hack 2, maybe there's a way to post as someone else that was discovered and there's no actual "hack" involved on the accounts, just the API endpoint wasn't verifying that they were who they said they were.

 

Either way B and C are easily taken care of since all someone had to do was look for every tweet with the same message, like any other spam. A would be something that requires more involvement.

 

Chances are that anyone stupid enough to send money was probably someone that was following MrBeast rather than Apple or Elon, as this is very much his style of doing things (giving money away.)


1 minute ago, Kisai said:

It's probably not as complicated as people are making it out to be. One of three possibilities comes to mind:

a) It's an inside job, eg someone inside was hacked and/or a twitter employee was partially responsible

b) Twitter API hack, likely something like tweetdeck that is managed by a social media manager got hacked

c) Twitter API hack 2, maybe there's a way to post as someone else that was discovered and there's no actual "hack" involved on the accounts, just the API endpoint wasn't verifying that they were who they said they were.

 

Either way B and C are easily taken care of since all someone had to do was look for every tweet with the same message, like any other spam. A would be something that requires more involvement.

 

Chances are that anyone stupid enough to send money was probably someone that was following MrBeast rather than Apple or Elon, as this is very much his style of doing things (giving money away.)

I wasn't saying it was complicated, just musing on what could have happened. Given all the accounts compromised it's unlikely it's actual account hacking, so there's a vulnerability either in Twitter or in something connected to it that allows either tweeting as others or compromising an account nearly instantly. An outlandish but possible explanation, it might even be a password manager hack. At this point we only see the symptoms, not the cause, so it's difficult to determine with any degree of certainty what's happening here.

 

Also, there was over $100,000 USD in bitcoin sent to that wallet before Mr Beast's account was compromised, so it's not just his fans getting screwed.


It's ridiculous that they were still able to post as recently as a few minutes ago. 

CPU: AMD Ryzen 3700x / GPU: Asus Radeon RX 6750XT OC 12GB / RAM: Corsair Vengeance LPX 2x8GB DDR4-3200
MOBO: MSI B450m Gaming Plus / NVME: Corsair MP510 240GB / Case: TT Core v21 / PSU: Seasonic 750W / OS: Win 10 Pro


Hey at least we all get a break from tiresome blue-checks talking down at us for a while...


40 minutes ago, piratemonkey said:

Source? or are you an employee or something? 

 

This is kinda interesting

No source, just what someone had as a Theory.

27 minutes ago, piratemonkey said:

Also @ESPImperium you spelled crypto wrong. 

Fixed.

 

 

All verified accounts on the platform have been temporarily stopped from tweeting right now.

 

It's as if someone somewhere is trying to send a message, with all the military buildups, trade wars and tech wars going on at the moment. That message is “We still own your asses” or something to that degree.


Just now, ESPImperium said:

It's as if someone somewhere is trying to send a message, with all the military buildups, trade wars and tech wars going on at the moment. That message is “We still own your asses” or something to that degree.

I doubt the motivations are nearly that grandiose. Some hacker found an exploit and wanted to make a quick buck. "Send money to this bitcoin wallet" isn't exactly the message I'd expect from someone trying to create global tension.


24 minutes ago, ESPImperium said:

Fixed.

...Forgot the r in crypto... sorry


30 minutes ago, BobVonBob said:

I doubt the motivations are nearly that grandiose. Some hacker found an exploit and wanted to make a quick buck. "Send money to this bitcoin wallet" isn't exactly the message I'd expect from someone trying to create global tension.

Apparently all verified accounts were disabled from posting within the last hour, so presumably they're investigating this now.


1 hour ago, Kisai said:

c) Twitter API hack 2, maybe there's a way to post as someone else that was discovered and there's no actual "hack" involved on the accounts, just the API endpoint wasn't verifying that they were who they said they were.

That's my guess. That or there is a login exploit that's allowing someone to log in without use of a password.


PSA: you should enable two-factor authentication if you haven't

 

My account on another forum website just got hacked, I'm completely locked out of it. If I had 2FA on then my account wouldn't have been hacked even if the attacker had my password and everything.

 

2FA can literally be a lifesaver and it can prevent a lot of incidents like this from happening

 

 

Twitter has a 2FA option, so please use it

 


3 minutes ago, realpetertdm said:

PSA: you should enable two-factor authentication if you haven't

 

funnily? enough, the official ripple twitter account got hacked, and they confirmed they had 2fa on. I think it was some bug in an api


4 minutes ago, piratemonkey said:

funnily? enough, the official ripple twitter account got hacked, and they confirmed they had 2fa on. I think it was some bug in an api

If that's true then yeah it's probably something wrong with the software like an exploit or a bug.

 

Still, turn 2FA on when possible, even if it's a bit annoying


Update: Twitter is saying that this is the result of one of the employees' accounts getting hacked

 

Source: https://www.cnet.com/news/twitter-says-hackers-got-access-to-internal-tools-for-hijacking-spree/

I am far from an expert in this so please correct me if I’m wrong.

Quote or tag me so I can see your response

 

PSU Tier List

Motherboard Tier List

Graphics Card Cooling Tier List

CPU Cooler Tier List

SSD Tier List

 

PARROT GANG

Mentioned in 7/10/20 WAN Show

Mentioned in 7/15/20 Techlinked

Mentioned in 7/17/20 Techlinked

Mentioned in 7/31/20 WAN Show

Mentioned in 7/31/20 Techlinked

Mentioned in 8/3/20 Techlinked

Mentioned twice in 8/5/20 Techlinked

Mentioned twice in 8/7/20 Techlinked

Mentioned in 8/12/20 Techlinked

Mentioned in 8/19/20 Techlinked


anyone that falls for something like this is a moron

🌲🌲🌲

 

 

 

◒ ◒ 


4 minutes ago, gabrielcarvfer said:

It was just the cherry on top. Can you imagine what kind of ransom the hackers can get with access to all the private messages they probably collected?

I don't think they got access to the actual accounts, just the ability to make posts on behalf of other people


34 minutes ago, zeusthemoose said:

Update: Twitter is saying that this is the result of one of the employees' accounts getting hacked

 

Source: https://www.cnet.com/news/twitter-says-hackers-got-access-to-internal-tools-for-hijacking-spree/

 

https://www.vice.com/en_us/article/jgxd3d/twitter-insider-access-panel-account-hacks-biden-uber-bezos

 

So... basically it was A.


1 hour ago, Arika S said:

I don't think they got access to the actual accounts, just the ability to make posts on behalf of other people

I think (through the Twitter employee tool/portal) they could change the email of an account and reset the password giving access to the whole account.

 

Given that Twitter verification works (I think) by tweeting at an employee, I would think that a tool to help with account management at one point wouldn't be removed. 

 

This is just speculation, I doubt that Twitter would ever release that kind of info.


9 hours ago, gloop said:

I don't mean to be rude, but how dumb do you have to be to fall for something like this?

Lots of people, the human brain evolved with reward mechanisms for survival, if you trip the reward or fear mechanism, the brain typically overrides rational thought (which is too slow for survival purposes). That is why we have so many conspiracy theories, people thinking they know better than the medical fraternity in general, people who buy into pyramid schemes and successful con artists like this.

 

There is also substantial evidence to suggest that intelligence has little to do with how likely you are to fall for this. We (being tech enthusiasts) aren't general victims because most of us have worked with victims or at least seen these scams many times before on the internet. We have become aware of the tactics and measures taken and have pre-established rules (like do not send money to strangers) to deal with it. The average person who falls for these scams does not have the same forethought or experience.

 

 

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  
