Apple's Twitter Account Hacked by Bitcoin Scammers

[riverfreak]

Their accounts weren't hacked. It looks like Twitter was and whoever got in was able to get full admin access to the platform. Really not good.

That may be overstating what has happened.

If you had full admin access to Twitter (if a single solitary admin access even exists, which I doubt), would you post a bitcoin scam for a relatively small amount of money, or would you as silently as possible reside in the system, biding your time?

The bitcoin thing might even be a ruse, like a lot of ransomware is. My money is still on some third party being compromised that had saved auth tokens.

Still,as you say, really not good.

 

[edgonzalez32]

That may be overstating what has happened.

If you had full admin access to Twitter (if a single solitary admin access even exists, which I doubt), would you post a bitcoin scam for a relatively small amount of money, or would you as silently as possible reside in the system, biding your time?

The bitcoin thing might even be a ruse, like a lot of ransomware is. My money is still on some third party being compromised that had saved auth tokens.

Still,as you say, really not good.

I mean wouldn’t these account have had 2FA? Wouldn’t it require some sort of “admin” right to circumvent that?

Full disclosure I know next to nothing about IT security please feel free to school me.

 

[riverfreak]

I mean wouldn’t these account have had 2FA? Wouldn’t it require some sort of “admin” right to circumvent that?

Full disclosure I know next to nothing about IT security please feel free to school me.

No schoolin’ here! Just a friendly discussion.

I would assume these accounts would have 2FA enablEd. Perhaps these accounts were entrusted to a third party that provided some sort of monitoring and security. Perhaps that third party had access to auth tokens as well as something like time-based one time passwords.

I don’t know if such a service exists, or if they’d be retaining credentials like that. There are similar sorts of services for high value domains. Different beast, for certain.

That Twitter disabled posting from all verified accounts suggests some sort of systemic problem on their end.

 

[damphoose]

why is that ridiculous ? Riding on a horse is not an efficient way to get around unless you have a big plot of land and it would be absurd to look backwards. Especially when cars used to be needlessly massive and heavy as sedans with huge tail fins. Looking back one would wonder how that was a thing.
I don’t understand what you’re saying but hey if Twitter is the epitome of American ingenuity and like driving from a to b for you, fine

Those were the limitations of the “technology“. The horse was a superior technology to walking. The car, big an heavy as it was was superior as a technology to the horse. If the metallurgy existed to make lighter cars they would have. Nevermind. We are getting off topic and forums are not a good place to explain basic science, like how current technologies exist on the backs of previous technology, today what we call “iterations”. You missed a class somewhere.

 

[robgendreau]

Anyone else surprised that these lame-o's are sophisticated enough to hack all those accounts at Twitter, but could only come up with this grade school attempt at monetizing it?

They obviously needed a better business plan and marketing department. Embarrassing.

 

[ghostface147]

What was their password? Nc1707-password?

 

[ArtOfWarfare]

If you had full admin access to Twitter (if a single solitary admin access even exists, which I doubt), would you post a bitcoin scam for a relatively small amount of money, or would you as silently as possible reside in the system, biding your time?

IDK... this doesn't necessarily seem like anything harder than a script kiddie could figure out. Learn the login of somebody at Twitter, log into their account at AWS, then find the admin scripts. Use admin scripts to tweet as the 1000 accounts with the most followers.

To a kid who hasn't worked, this could certainly seem like a huge amount of money that they've brought in.

What better idea do you have for how to make money you've broken in?

 

[PinkyMacGodess]

The sad part of this story is that the scammers do this because a surprisingly large number of people respond to this crap, giving them LOTS OF MONEY, and the scammers get rich.

Remember Bernie Madoff? He bilked BILLIONS from people you would think were smart. People that wouldn't fall for 'get rich quick schemes'. I remember several causes that I donated money to that lost their entire holdings, and disappeared.

If it sounds out of character, sounds too good to be true, sounds too sure you are going to make 200% of what you are sending them, don't even bother to walk, or run. Send ME your money! I will love it and spend it only on the good things in life that I really need! A Ducatti Monster (for every day of the week), a Bombardier Global 8000, a 128M 'boat' (merely a dinghy), and a 250,000 square foot 'cottage'. All necessities. Honest.😉

 

[damphoose]

True in Detail, but the underlying premise is correct. Question is would people jump to a new platform?
And would a new platform be allowed to be established or would activists come up with a number of real or imagined reasons to campaign against potential advertisers on a new platform? Cancel culture is a tad out of control at the movement.

Looking at the way its being reported. The news has shifted to foucsing on the high profile people‘s accounts that were hacked and less so on the fact that Twitter is not secure. (or is it. I am not a security expert so I cannot say this was something Twitter did or these individuals did not secure their accounts properly)

I seriously doubt this will have far reaching consequences beyond next week. Everyone will forget this soon enough.
The Equifax and other credit bureaus hack was far more damaging to far more people and it did not change the fact the companies still use the them and the other credit bureau.
I see the stolen amount is up to $120K. So nothing compared to the Equifax hack.

It use to be if you had bitcoins, and knew how to send and receive them, you were somewhat savvy about the web. When did that change?

 

[PinkyMacGodess]

What was their password? Nc1707-password?

One client's password for their server was 'RichDick'. Their president's name was 'richard'. Yeah, he was the later. One group I subcontracted with used the default password 'NotYou'. I kid you not. I changed it up and added an exclamation point. 'NotYou!'. You would have thought I stole the crown jewels! (The contractor accused me of highway robbery! I might have forgotten to tell them about that. It was a bank) Never underestimate a user (or a brain dead support company). Users WILL sink to a new low. Count on it...

 

[nvmls]

Well deserved, these social sites only contribute trash to mankind.

 

[riverfreak]

IDK... this doesn't necessarily seem like anything harder than a script kiddie could figure out. Learn the login of somebody at Twitter, log into their account at AWS, then find the admin scripts. Use admin scripts to tweet as the 1000 accounts with the most followers.

To a kid who hasn't worked, this could certainly seem like a huge amount of money that they've brought in.

What better idea do you have for how to make money you've broken in?

Not how systems at scale operate (and many APTs have ulterior motives beyond profit).

 

[Apple_Robert]

Well deserved, these social sites only contribute trash to mankind.

A lot of companies use Twitter for customer support. Not everything on the platform is garbage. Overall, it is a waste land of mindless gifs and juvenile rhetoric.

 

[JosephAW]

Maybe twitter will go away soon?

 

[edgonzalez32]

No schoolin’ here! Just a friendly discussion.

I would assume these accounts would have 2FA enablEd. Perhaps these accounts were entrusted to a third party that provided some sort of monitoring and security. Perhaps that third party had access to auth tokens as well as something like time-based one time passwords.

I don’t know if such a service exists, or if they’d be retaining credentials like that. There are similar sorts of services for high value domains. Different beast, for certain.

That Twitter disabled posting from all verified accounts suggests some sort of systemic problem on their end.

Ah that makes a lot of sense. God there’s so many nuances that go into something like this at this scale.

 

[wigby]

not Trump?

No but Kanye. Same diff.

 

[cardfan]

heh. Don’t use Twitter anyways. Hopefully it goes away.

 

[Fuzzy Dunlop]

https://twitter.com/x/status/1283503551994630146

🤔

 

[Dammit Cubs]

If people fall for this. They deserved it. Sorry but not sorry.

I also know a prince in Nigeria who might be of assistance.

 

[Plutonius]

How do people not know this is a scam????

Because it's from Apple.

 

[MacLawyer]

Security concerns and other reasons are why I left Twitter last year.

 

[Treq]

So you're saying I'm not getting any money?

 

[Pd1987]

not Trump?

Curious, isn't it?
I hate to sound paranoid, but imagine if this happens to high-profile politicians or world leaders. And with how long it takes for Twitter catch these hacks...Hackers could post anything. It could literally spell catastrophe. Holy 💩

 

[TMRJIJ]

How do people not know this is a scam????

It’s 2020. Anything goes this year

 

[groundedUX]

possibly was a nation state’s response to Huawaii / U.K. issue and Hong Kong being taken off preferred trading status.