Recent Bitcoin Hack Might Have Been an Inside Job

On July 15, high-profile Twitter accounts such as those of Elon Musk, Bill Gates, Kanye West, and Uber were hacked and tweeted a Bitcoin solicitation. The major security breach of more than 100 accounts have revealed major security problems for the company.

Internal and federal investigations are continually ongoing as the security breach seems to be connected to the company's employees and contractors. A Twitter spokesperson revealed that the hack was a result of internal employee tools were compromised. This has raised a lot of questions about the company's security protocols and the ability to protect user data.


The coordinated social engineering attack in the form of a Bitcoin scam also happened on the day of the social media platform's 14th anniversary. The tweets were asking followers to send bitcoin payments to the same address. Although the tweets had been removed on the same day, some of the verified accounts were locked as investigations began.

As the company investigated how the hack occurred from within the company, it was discovered that at least one Twitter employee was contacted via phone call. However, it remains unclear how the hackers were able to access the company's internal tools.


Currently, the company has around 1,500 employees and contractors that work on resetting accounts. One of the company's spokesperson said, "we have no indication that the partners we work with on customer service and account management played a part here."


What the Hack Exposed

130 accounts were targeted on July 15th. 45 of the passwords were reset and gave the hackers full access. They had even attempted to download the 'Your Twitter Data' archives on several accounts.

As investigations continue, Twitter is working on upgrading its security protocols. Employees have also been required to participate in an online security training course right after the incident. The spokesperson revealed that the employees and contractors only have access to tools that reset the account password with permission.

Paul Ortiz, one of the company's security consultants said, "Very few companies understand how vulnerable their operations are to compromise as they expand outside of their headquarters. This risk exponentially increases if third-party contract workers are introduced into the equation."

In previous years, there had been several security breaches including President Donald Trump's account being temporarily deleted in 2017. Continuous spying on several accounts had also been reported happening so often that Twitter's security team had struggled to keep track of the intrusions. Greater than the Bitcoin scam, the coordinated hack of multiple accounts exposed the company's need to upgrade security protocols.


Security Problem

Patrick Westerhaus, the CEO of Cyber Team Six shared, "The problem we see over and over again with technology companies that are hyper-focused on growth and revenue is an immature framework and general lack of concern for security, third-party risk, and anti-fraud controls." He explained that the security breach is common in young tech companies and successful startups.

Currently, Twitter continues to investigate what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it. Internally, the company has limited employee access to internal systems and tools as the investigation continues.

READ ALSO: Hackers TRICKED a Tesla: The Race to Fooling Artificial Intelligence

Join the Discussion

Recommended Stories

Real Time Analytics