'This is a big deal': Cyber security, tech experts weigh in on massive Twitter breach

Amanda del Castillo
Thursday, July 16, 2020
Cyber security experts are weighing in after a major social media security breach hit some of Twitter's most high-profile accounts on Wednesday.

SAN JOSE, Calif. (KGO) -- A major social media security breach hit some of Twitter's most high-profile accounts on Wednesday.

"If you send me money, I'll send you back double" was the promise behind several now-deleted tweets, posted by former president Barack Obama, Elon Musk, Apple and many more.


Each tweet provided the public with a Bitcoin address.

"The fact that so many of them are compromised at the same time, in such a short period of time, leads people to think now that there is some administrative issue on the Twitter side itself," Dan Ackerman, senior managing editor at CNET, told ABC7 News.

He classified Wednesday's elaborate hack as the biggest breach he's seen Twitter tackle.

In a tweet thread, the company announced, "We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools."

After the suspicious tweets were posted, Twitter temporarily limited users' abilities to reset passwords, and prevented verified accounts from posting.


Verified accounts, or accounts with blue check marks, are meant to signal the user is authentic.

"When you endanger that platform and the trust that you presumably give to these so-called 'verified' accounts, that makes the platform much less useful for people," Ackerman explained.

"They're in trouble. There's no question about it," cyber security expert and San Jose State professor Ahmed Banafa added. "This is a big issue for them. This is a big deal."

Banafa said the level of sophistication could make it difficult to track those responsible. These are hackers who seemingly got away with Bitcoins worth more than $110,000.

When asked how difficult it would be to get that money back, Banafa responded, "You'll never get it back, period. It's gone."

He added, "Every time you have a hack, you are really putting the business through three things: reputation, litigation, and business loss."

Explaining his idea, Banafa elaborated, "The reputation is really bad now. Litigation? God knows what's going to happen to that one. And business loss? Now people are going to question: What happens now? How can we trust Twitter with our business?"


The FBI's San Francisco field office released this statement on Wednesday:

"We are aware of today's security incident involving several Twitter accounts belonging to high profile individuals. The accounts appear to have been compromised in order to perpetuate cryptocurrency fraud. We advise the public not to fall victim to this scam by sending cryptocurrency or money in relation to this incident."

Banafa said he anticipates other tech giants are already working to tighten their security.

"All the other companies, including our wonderful big companies like Google and Facebook and the others, they're going to go back now and check their security and make sure that they're not going to be the next victim here," he explained.

Even without a high-profile account, Banafa suggested changing passwords often, enabling two-factor authentication, and understanding that if something seems too good to be true, it probably is.