The Twitter hack: Why Elon Musk, Bill Gates, Jeff Bezos and others might have reason to be worried

The real problem is not the cryptocurrency scam…

Twitter has shared more information about the high-profile hack it suffered yesterday, which saw high street brands and public figures have their accounts hijacked to promote a cryptocurrency scam.

In a series of tweets, @TwitterSupport said that it had found no evidence that whoever breached the accounts – possibly via Twitter’s own internal administration tool – accessed any passwords.

As a result, it’s not calling on users to change their passwords. Of course, it would be remiss of me not to take the opportunity to remind anyone who hasn’t yet done so to protect their Twitter account with two-factor authentication (2FA).

Having 2FA wouldn’t have protected you from this latest attack, because Twitter’s internal tool is capable – no doubt – of disabling it on user accounts, but normally it’s a very sensible idea to have the option enabled.

But what I think is most interesting is what Twitter hasn’t said.

The hackers who compromised high-profile Twitter accounts used the platform to post a fairly rudimentary cryptocurrency scam to millions of followers.

Here, for instance, is what was posted from the Twitter accounts of Elon Musk, Jeff Bezos, and Bill Gates:

[Screenshots: the tweets posted from the Elon Musk, Jeff Bezos, and Bill Gates accounts]

Like I said, a simple scam which attempts to trick the unwary into sending their Bitcoin fortune into the void, with little prospect of ever seeing it come back again. We’ve seen plenty of these, in various forms, in the past.

But in order to post those messages on this occasion, hackers had access to the Twitter accounts.

And that means they could also read private direct messages (known as DMs) sent and received from those accounts.

As TechCrunch reports, Twitter has not responded to questions about whether hacked users had their DMs accessed.

Clearly, it was possible for DMs to be read by the hackers. Whether they did or not is a different question.

But if hackers were able to access the private messages sent to and from Twitter accounts – including those belonging to some of the world’s richest and most powerful people – I think that’s a much more chilling thought than a cryptocurrency scam being spammed out under their name.

It’s easy to imagine, for instance, how a sensitive personal message might be used against a high-profile figure by an extortionist – whether that extortionist be a common-or-garden blackmailer or a nation state.

Other victims of the Twitter hack include Barack Obama, Joe Biden, Michael Bloomberg, Warren Buffett, Floyd Mayweather, Kim Kardashian, and Kanye West.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
