Apple Twitter account hacked in Bitcoin scam campaign
The official Apple Twitter account appears to have been hacked as part of a bitcoin scam campaign that targeted other prominent tech accounts.
Credit: Twitter
"We are giving back to our community. We support Bitcoin and believe you should too!" the fraudulent tweet read, before giving instructions to send bitcoin to a wallet address and claiming that doubled payments would be sent back.
Apple appears to have cracked down on the tweet fairly quickly, which only appeared on the Twitter account for a brief time on Wednesday afternoon.
Along with the Cupertino tech giant, the Twitter accounts for Tesla CEO Elon Musk, Microsoft co-founder Bill Gates, Democratic presidential candidate Joe Biden and former President Barack Obama also appear to have been breached in the scam campaign. Other prominent figures and companies targeted by the bitcoin scammers include Coinbase, Coindesk, Binance, Mike Bloomberg, Gemini, Kanye West, Uber, Bitcoin and Jeff Bezos.
Musk appears to have been attacked first, with the scammer posting multiple tweets from the account Wednesday afternoon with the same bitcoin address seen in the Apple tweet. The hackers then moved on to Gates, Coinbase and Apple.
Although those fraudulent tweets were quickly removed, others were reposted after deletion, suggesting that the attackers may still have access to some of the accounts. Rumors circulating on social media claim a Twitter employee was successfully targeted as part of a spearphishing operation, granting attackers access to the social network's internal tool. This would explain how hackers accessed accounts protected by two-factor authentication.
Cryptocurrency exchange Binance called the campaign a "coordinated attack on the crypto industry," and told TechCrunch that its security team was "actively investigating."
According to a tweet security researcher @sniko_, the attackers may have gained full access to some of the cryptocurrency-related accounts by changing the email addresses associated with them.
The tweet on Apple's account was especially notable because the company doesn't post anything. Instead, it uses the Twitter account to push ads.
A Twitter spokesperson told Business Insider that the matter was "being looked into."
According to Blockchain Explorer, the scam has brought in more than $110,000 at the time of this writing.
Credit: Twitter
"We are giving back to our community. We support Bitcoin and believe you should too!" the fraudulent tweet read, before giving instructions to send bitcoin to a wallet address and claiming that doubled payments would be sent back.
Apple appears to have cracked down on the tweet fairly quickly, which only appeared on the Twitter account for a brief time on Wednesday afternoon.
Along with the Cupertino tech giant, the Twitter accounts for Tesla CEO Elon Musk, Microsoft co-founder Bill Gates, Democratic presidential candidate Joe Biden and former President Barack Obama also appear to have been breached in the scam campaign. Other prominent figures and companies targeted by the bitcoin scammers include Coinbase, Coindesk, Binance, Mike Bloomberg, Gemini, Kanye West, Uber, Bitcoin and Jeff Bezos.
Musk appears to have been attacked first, with the scammer posting multiple tweets from the account Wednesday afternoon with the same bitcoin address seen in the Apple tweet. The hackers then moved on to Gates, Coinbase and Apple.
Although those fraudulent tweets were quickly removed, others were reposted after deletion, suggesting that the attackers may still have access to some of the accounts. Rumors circulating on social media claim a Twitter employee was successfully targeted as part of a spearphishing operation, granting attackers access to the social network's internal tool. This would explain how hackers accessed accounts protected by two-factor authentication.
Cryptocurrency exchange Binance called the campaign a "coordinated attack on the crypto industry," and told TechCrunch that its security team was "actively investigating."
According to a tweet security researcher @sniko_, the attackers may have gained full access to some of the cryptocurrency-related accounts by changing the email addresses associated with them.
The tweet on Apple's account was especially notable because the company doesn't post anything. Instead, it uses the Twitter account to push ads.
A Twitter spokesperson told Business Insider that the matter was "being looked into."
According to Blockchain Explorer, the scam has brought in more than $110,000 at the time of this writing.
Comments
https://www.cnn.com/2020/07/15/tech/twitter-hack-elon-musk-bill-gates/index.html
Twitter (TWTR) accounts belonging to Joe Biden, Bill Gates, Elon Musk and Apple, among other prominent handles, were compromised on Wednesday and posted tweets that appeared to promote a cryptocurrency scam.
Cost of 1 bitcoin = $9,200
Assuming 1 bitcoin per stupid person. There are 12 stupid people that fell for this scam. I would have expected more...
Congratulation humanity! You’re smarter than I thought you were.
You can spoof the number showing on a call display. You can't spoof so a text goes to a different number. The usual method is to convince the original number holder's cell carrier to port the number to a new SIM.
That's pretty tricky even if you know the number and the account holder's details especially if the account has a PIN on it. Social Engineering only gets you so far.
https://cyware.com/news/understanding-sim-swapping-and-cloning-attack-techniques-230934eb
It's why it shouldn't be a 2FA option and why I wish password managers would let users know when better options are available.
It is most likely more than 12 people. Bitcoins don't have to be sent in integer amounts.
Together, these suggest the attacker may have had fairly direct write access to the user authentication database.
Nobody with the technical capability to do this wants the CIA and NSA to take a personal interest in finding them.