A host of prominent Twitter users had their accounts hacked in a Bitcoin scam, and screenshots claimed to be from the hackers show tools used to blacklist accounts.
Some of the most followed Twitter accounts, including US politicians and business leaders, were hacked, causing them to tweet messages promising to double any bitcoin sent to a provided link. Needless to say, any cryptocurrency transferred was never returned, let alone doubled. As soon as Twitter saw what was going on it deleted the tweets and locked every verified account while it tried to get to the bottom of it.
We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.
— Twitter Support (@TwitterSupport) July 15, 2020
If you scroll down the thread above, you can see that the Twitter investigation identified ‘a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.’ In other words, a Twitter administrator either performed the bidding of the hackers or gave them direct access to the platform’s back-end controls.
A couple of those hackers decided to share their exploits with Vice, including screenshots of the Twitter admin console. The image below, taken from the Vice story, appears to show some of the tools available to Twitter admins, including the ability to suspend accounts and place them on two types of ‘blacklist’.
We don’t know exactly what being blacklisted entails, but the name of the tools strongly implies accounts can be prevented from appearing in searches and trending lists, even while they’re still otherwise active. We’re also not aware of any precedent for accounts being notified when they are placed on one of these blacklists, which adds weight to claims that Twitter seeks to manipulate conversation on its platform through the means of ‘shadow banning’.
Twitter is apparently suspending accounts that share the above image and finds itself in a very awkward position as a result of this hack. While the breach itself is embarrassing, this reminder of how much power it has over the public square, and how badly secured that power is, will serve as a wake-up call to politicians and regulators about the public interest in taking a closer look at how Twitter manages its affairs.
Tough day for us at Twitter. We all feel terrible this happened.
We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.
💙 to our teammates working hard to make this right.
— jack (@jack) July 16, 2020