130 high-profile Twitter accounts targeted in hacking attack

130 high-profile Twitter accounts targeted in hacking attack

More than a hundred high-profile Twitter accounts have been hacked, the social network confirmed, as fresh evidence emerged linking the attack to a small group of petty hackers.

One hundred and 30 accounts were affected in the unprecedented attack, Twitter said in a statement on Friday morning, adding that “for a small subset of these accounts, the attackers were able to gain control of the accounts and then send Tweets from those accounts”.

“We are continuing to assess whether non-public data related to these accounts was compromised, and will provide updates if we determine that occurred,” Twitter said.

While investigations continue, evidence posted to Twitter shortly before the attack suggested a link to a small group of hackers who had previously attempted to monetise their access by stealing and selling accounts with valuable or desirable usernames, such as single characters or first names.

These accounts, known as “OG” – or “original gangster” – accounts, are commonly the target of hacking attempts. As far back as 2018, hackers were hijacking phone numbers in order to then break the two-factor authentication on OG accounts on Twitter and Instagram with usernames such as @t or @sex.

Shortly before the widespread attack, a post on one forum dedicated to hacking OG accounts offered access to any Twitter handle for $2,500 to $3,000 – and offered to reset the email addresses linked to individual accounts for just $250.

That method chimes with the technique described by one OG account holder, the security researcher Lucky225, who controlled the account @6, which had been owned by the deceased hacker Adrian Lamo. In a detailed account posted on Thursday, Lucky describes an attack on @6 that involved first resetting the email address associated with the account, and then disabling the two-factor authentication used to protect it.

“It appears that having Twitter admin access doesn’t allow you, by itself, to just unilaterally breach any account you want,” Lucky wrote. “It does give Twitter employees tools to help people who they legitimately believe have been locked out of their Twitter account.”

Brian Krebs, an independent security reporter, connected the @6 attack to another similar hack, of the account @b. In that case, the person who took over the account tweeted pictures showing the internal control panel they had used to seize the account.

“There are strong indications that this attack was perpetrated by individuals who’ve traditionally specialised in hijacking social media accounts via ‘SIM swapping’, an increasingly rampant form of crime that involves bribing, hacking or coercing employees at mobile phone and social media companies into providing access to a target’s account,” Krebs concluded.

Some investigators and hackers believe that Kirk gained access to Twitter credentials through Twitter’s internal Slack channel, according to the Times. Twitter did not immediately respond to the assertion.
The hack has drawn the attention of the FBI, which is investigating the situation, according to a report by Reuters.

As Covid-19 spreading all over the world, so please stay safe, take care of everyone and watch our blogs at GadgetsTricks.com to know more about online cyber activities and to get protected from cyber attacks.

Thanks For Your Time !