Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity NewswireCybersecurity News

Apple, Gates, Biden, Musk and other high-profile Twitter accounts hacked

hacker- enews
July 16, 2020

Twitter accounts belonging to Joe Biden, Bill Gates, Elon Musk and Apple, and other high-profile accounts, were compromised in what Twitter said it believes to be an attack on some of its employees with access to the company's internal tools, says a CNN news report. 

"We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools," Twitter's support team said late Wednesday.

According to CNN, the attackers posted tweets that appeared to promote a cryptocurrency scam. The accounts, along with those of former President Barack Obama, Kanye West, Kim Kardashian West, Warren Buffett, Jeff Bezos and Mike Bloomberg, posted similar tweets soliciting donations via Bitcoin to their verified profiles on Wednesday.

Brandon Hoffman, CISO, Head of Security Strategy at Netenrich, a San Jose, Calif.-based provider of IT, cloud, and cybersecurity operations and services, says, “There is a lot of interesting speculation floating around about today’s Twitter hack. Due to a lack of any reliable or apparent source, that is really all anybody can provide at this time. As a security expert, there are many possible situation that could have led here. At this time none are probable though. The idea floating around that there is a user administrative panel that was accessed through an employee’s credentials is on fire. It is on fire for two reasons. The first is that credentials are likely going to be the way this was perpetrated. The second being that the existence of a user admin panel, which shouldn’t exist, in such an iconic tech company like Twitter is so scandalous that security people will eat it up. Other popular theories will surface about a Twitter insider, or some zero day, possibly an unknown credential stealing piece of malware. In the end I think we will find out that somehow credentials were stolen, either from an employee or from the account holders themselves through a variety of methods. The credentials were probably offered for sale on the dark web in piecemeal form and a cybercriminal with vision bought them for this campaign. However, that’s just another theory.”

Shawn Smith, DevOps Engineer at nVisium, a Falls Church, Virginia-based application security provider, notes, “There's several ways these high profile Twitter accounts could have been compromised. For example, a fairly common support feature is to allow administrative and other privileged personnel to impersonate other users to test functionality as that user. So if Twitter has made this sort of a setup available, it is quite possible an account with access to this feature was compromised therefore leading to additional account compromise. As such, if a staff (or worse, a privileged) account was compromised, it could also just be using it to reset passwords and login for the targeted accounts. SMS interception on password resets, and password reset logic flaws are also vectors for general social media account compromise. Additional other ways for Twitter account compromise are generally due to phishing attacks or linked accounts being taken over, but the number of accounts being compromised so quickly makes these attack vectors somewhat unlikely unless carefully coordinated and orchestrated by a syndicated effort. However, without a detailed analysis, we are all just speculating."

Battista Cagnoni, Senior Consultant, Advisory Services at Vectra, a San Jose, Calif.-based provider of technology which applies AI to detect and hunt for cyber attackers, adds, “Rogue insider or duped employee aside the illegitimate use of administration tools by legitimate users is challenging to detect, which is why privileged access remains a critical attack vector in so many breaches. This high-profile attack on one of the world’s largest social media platforms looks to have limited success in terms of financial gain, but for obvious reasons, has significant impact in terms of visibility and the potential to damage to brand reputation. Over the next few hours and days, incident responders will be working hard to scope out the totality of the compromise and looking for any evidence of remote orchestration in case the attackers have been able to penetrate and gain persistence inside Twitter’s systems.”

“There are two key red flags I recommend consumers look out for to avoid falling victim to phishing schemes on any platform, including Twitter, email, or text,” said Paige Schaffer, CEO of Global Identity and Cyber Protection Services for Generali Global Assistance. "First: when you see an exciting time-sensitive offer, like in yesterday’s hacked posts, take a moment to read the text carefully as you’ll probably notice some grammar and spelling issues, which is a common red flag to look out for when you suspect a possible phishing scam. Elon Musk’s hacked tweet yesterday is one example of this. Second: generally any type of offer that involves providing some initial funding in order to secure a large return at a later time is almost always a scam, especially when combined with an “urgent” call to action.”

KEYWORDS: cyber security hacking information security Twitter Security

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Logical Security
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Logical Security
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security camera

40,000 IoT Security Cameras Are Exposed Online

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • twitter-freepik1170x658v5.jpg

    Musk’s Twitter takeover and its security implications

    See More
  • Been Hacked? Let That Be a Lesson to You

    FC Barcelona Official Twitter Hacked by OurMine

    See More
  • password

    Donald Trump's Twitter hacked after researcher guessed password

    See More

Related Products

See More Products
  • highriseproductphoto

    High-Rise Security and Fire Life Safety, 3rd edition

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing