Massive hack roils Twitter after seizing accounts of Obama, Biden and others

Unknown hackers plunged Twitter into chaos on Wednesday evening, commandeering the accounts of high-profile politicians and other famous figures in a massive breach that forced the social network to curtail access and disrupted everything from news coverage to government tornado warnings.
The fraudulent tweets sent from the accounts of high-profile figures such as former President Barack Obama, presumptive Democratic presidential nominee Joe Biden, former New York City Mayor Mike Bloomberg, former Microsoft CEO Bill Gates and rapper Kanye West asked people to send Bitcoin contributions to a mysterious address, with promises of doubling them. In a number of cases, the hackers pinned the tweets to the top of victims’ accounts, raising their visibility.
Twitter blamed the turmoil on a "coordinated" attack "by people who successfully targeted some of our employees with access to internal systems and tools." The company added late Wednesday that it is "looking into what other malicious activity they may have conducted or information they may have accessed."
In a desperate move to squelch the scam, the company disabled verified Twitter users’ ability to tweet and modify their accounts for hours Wednesday evening, severing a key communications mechanism for businesses, journalists, politicians and other prominent people and organizations.
That meant that President Donald Trump — whose account had not been compromised — was unable to send tweets to his 83 million followers for much of the evening. Instead, he turned to Facebook to announce he was replacing his campaign manager.
Twitter reactivated verified accounts around 8:30 p.m. EDT.
"Tough day for us at Twitter," CEO Jack Dorsey tweeted later. "We all feel terrible this happened."
The hackers’ Bitcoin address received more than $118,000 from 358 transactions in the early hours of the scam. That would amount to roughly $330 per victim, although Bitcoin scammers have been known to send themselves money from decoy accounts to give their promises the air of legitimacy.
The FBI said it was aware of the hacks but declined to comment further. Its San Francisco field office advised the public “not to fall victim to this scam” by sending the hackers money.
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency referred questions about the incident to Twitter.
The mass hack demonstrated the vulnerability of a service that has become a crucial forum for celebrities and powerful figures such as Trump, who regularly uses the site to announce major policy decisions. With less than four months before the presidential election, the breaches also underscored the potential for hackers to sow disinformation by impersonating politicians and other famous individuals.
“It’s an important reminder of how much work we have to do to fully protect our elections and domestic discourse from malicious actors,” said Simon Rosenberg, the president of the liberal think tank New Policy Institute, who previously advised the Democratic Congressional Campaign Committee on countering disinformation.
The Biden campaign told POLITICO that Twitter locked his account immediately after the breach and deleted the offending tweet. The campaign said it was staying in touch with Twitter about the attack.
“While this appears to be financially motivated, we can expect similar tactics to be used to propagate disinformation,” said Lisa Kaplan, the founder of Alethea Group, which advises organizations on disinformation operations.
The severe disruption to one of the world’s largest social media platforms also highlighted its importance to everyday civic functions. As the National Weather Service declared a tornado watch for parts of southern Illinois, the agency’s regional Twitter account found itself unable to warn residents of the danger.
Hackers have used Twitter to spread lies from authoritative accounts before. In 2013, unknown actors compromised The Associated Press’ account and falsely tweeted about explosions at the White House that had injured Obama. Stock markets immediately plunged.
Wednesday’s hack is sure to renew lawmakers’ interest in oversight of Silicon Valley’s massively influential platforms, which have spent years under Washington’s microscope over their advertising, privacy and security practices. Barely hours after the spam tweets began appearing, Sen. Josh Hawley (R-Mo.), a leading critic of the tech industry, sent Dorsey a letter demanding answers — including to the question: “Did this attack threaten the security of the President’s own Twitter account?”
Rep. John Garamendi (D-Calif.) agreed that the incident raised serious questions.
“I don’t have any bitcoin to offer you but I do have grave concerns about what today’s hack of @Twitter means for the safety of our elections and other critical infrastructure from hostile actors,” Garamendi tweeted. “Now more than ever we have to strengthen our nation’s cyber security.”
The scope of the incident raised the possibility that it involved a compromise of the super-powerful administrator tools that let Twitter employees manage user accounts. In 2011, Twitter settled a case with the Federal Trade Commission involving a breach of that system.
In a more recent example, a rogue Twitter employee briefly disabled Trump’s account in 2017 before leaving the company.
Twitter's statements late Wednesday described the breach as a "social engineering attack," a cybersecurity term that generally refers to ploys in which hackers dupe people into giving up sensitive information such as passwords.
The fact that the still-unknown hackers used their widespread access to high-profile Twitter accounts to hawk a cryptocurrency scam, instead of waiting until closer to the election to spread false information, suggests that they are criminals rather than government operatives, according to some cybersecurity experts. But nothing is certain — the hackers could be nation-state actors simply trying to undermine long-term confidence in Twitter’s stability.
And where one vulnerability exists, others may linger, too.
“No organization is immune to compromise, and every public figure needs to be prepared that they could be targeted for political or financial gain,” said Kaplan, who led efforts to protect Sen. Angus King (I-Maine) from disinformation as his digital director during the 2018 midterms.
“I still remain very concerned about coming ‘hack and dump’ operations” leading up to the election, said Rosenberg. “Far too many prominent actors in U.S. politics are not still not adhering to high enough levels of cybersecurity for all their devices. … We have a lot of work to do.”
Trump's campaign, meanwhile, wasted no time capitalizing on the attack.
“I’ve seen creative ways to disguise a tax increase, but this takes the cake,” tweeted Tim Murtaugh, director of communications for the Trump campaign, shortly after Biden’s account was hacked. “Hacked account or not, this is a perfect metaphor for Biden's pitch to taxpayers: ‘Give me your money!’”
Rep. Alexandria Ocasio-Cortez (D-N.Y.) issued a preemptive warning not to give Bitcoin to any links sent from her account in case she is also attacked.
“Please be vigilant about any bitcoins scams and do NOT click on any suspicious links,” she wrote. “Just in case, if my account tweets any bizarre links related to cryptocurrency, do NOT click on it.”
Bob King contributed to this report.