by Dan Moren
Twitter employee implicated in massive Bitcoin hack
Writing at Vice’s Motherboard, Joseph Cox has dug into yesterday’s hack of high-profile Twitter accounts, including Apple’s:
The accounts were taken over using an internal tool at Twitter, according to the sources, as well as screenshots of the tool obtained by Motherboard. One of the screenshots shows the panel and the account of Binance; Binance is one of the accounts that hackers took over today. According to screenshots seen by Motherboard, at least some of the accounts appear to have been compromised by changing the email address associated with them using the tool.
This is a massive and serious security breach at what has become arguably the biggest social media platform of the 21st century. While the haul for the scam has apparently been somewhat meager (around $118,000 at last count), the bigger story is what it exposes: how much can be exploited by anyone with access to Twitter’s internal tools.
As our friend John Gruber pointed out, what if they’d used Biden’s account to tweet that he was dropping out of the presidential race? Or what if Buffett’s or Bezos’s accounts had been used to promulgate disinformation? In other words, we’re kind of lucky that it was just crooks out for money rather than, say, agents of a foreign power trying to sow chaos.
Arguably the most high-profile Twitter account belongs to the president, but it was unaffected by this hack, as it appears to be under additional security after it was once temporarily deleted by a Twitter employee.
Part of Twitter’s response to this event was to shut down tweeting from verified accounts for several hours on Wednesday night, which is also a fascinating insight into what measures the platform is capable of exercising in extreme cases.