@twittersupport:
[Thread] Twitter says a coordinated social engineering attack against employees with access to internal systems and tools allowed hackers to hijack accounts — Our investigation is still ongoing but here's what we know so far:
Wednesday, July 15, 2020
[Thread] Twitter says a coordinated social engineering attack against employees with access to internal systems and tools allowed hackers to hijack accounts (@twittersupport)
US Senate committee to vote on bill banning federal employees from using TikTok
Twitter silences some verified accounts after wave of hacks
A hacker used Twitter’s own ‘admin’ tool to spread cryptocurrency scam
A hacker allegedly behind a spate of Twitter account hacks on Wednesday gained access to a Twitter “admin” tool on the company’s network that allowed them to hijack high-profile Twitter accounts to spread a cryptocurrency scam, according to a person with direct knowledge of the incident.
The account hijacks hit some of the most prominent users on the social media platform, including leading cryptocurrency sites, but also ensnared several celebrity accounts, notably Bill Gates, Jeff Bezos, Elon Musk and Democratic presidential hopeful Joe Biden.
Vice earlier on Wednesday reported details of the Twitter admin tool.
A Twitter spokesperson, when reached, did not comment on the claims. Twitter later confirmed in a series of tweets that the attack was caused by “a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”
A person involved in the underground hacking scene told TechCrunch that a hacker, who goes by the handle “Kirk” — likely not their real name — generated over $100,000 in a matter of hours by gaining access to an internal Twitter tool, which they used to take control of popular Twitter accounts. The hacker used the tool to reset the associated email addresses of affected accounts to make it more difficult for the owner to regain control. The hacker then pushed a cryptocurrency scam that claimed whatever funds a victim sent “will be sent back doubled.”
The person told TechCrunch that Kirk had started out by selling access to vanity Twitter accounts, such as usernames that are short, simple and recognizable. It’s big business, though still illegal. A stolen username or social media handle can go for anywhere between a few hundred dollars and thousands.
Kirk is said to have contacted a “trusted” member on OGUsers, a forum popular with traders of hacked social media handles. Kirk needed the trusted member to help sell stolen vanity usernames.
In several screenshots of a Discord chat shared with TechCrunch, Kirk said: “Send me @’s and BTC,” referring to Twitter usernames and cryptocurrency. “And I’ll get ur shit done,” he said, referring to hijacking Twitter accounts.
But then later in the day, Kirk “started hacking everything,” the person told TechCrunch.
Kirk allegedly had access to an internal tool on Twitter’s network, which allowed them to effectively take control of a user’s account. A screenshot shared with TechCrunch shows the apparent admin tool. (Twitter is removing tweets and suspending users that share screenshots of the tool.)
A screenshot of the alleged internal Twitter account tool. (Image supplied)
The tool appears to allow users — ostensibly Twitter employees — to control access to a user’s account, including changing the email associated with the account and even suspending the user altogether. (We’ve redacted details from the screenshot, as it appears to represent a real user.)
The person did not say exactly how Kirk got access to Twitter’s internal tools, but hypothesized that a Twitter employee’s corporate account was hijacked. With a hijacked employee account, Kirk could make their way into the company’s internal network. The person also said it was unlikely that a Twitter employee was involved with the account takeovers.
As part of their hacking campaign, Kirk targeted @binance first, the person said, then quickly moved to popular cryptocurrency accounts. The person said Kirk made more money in an hour than from selling usernames.
To gain control of the platform, Twitter briefly suspended some account actions and prevented verified users from tweeting, in an apparent effort to stem the account hijacks. Twitter later tweeted it “was working to get things back to normal as quickly as possible.”
SMIC, a key player in China's ambitions to boost its semiconductor industry, saw its shares surge 245% at the open in Shanghai debut after raising $6.62B (Arjun Kharpal/CNBC)
Arjun Kharpal / CNBC:
SMIC, a key player in China's ambitions to boost its semiconductor industry, saw its shares surge 245% at the open in Shanghai debut after raising $6.62B — SMIC, China's biggest chipmaker, saw its shares surge 245% at the open on its first day of trade in Shanghai.
Vivo X50, Vivo X50 Pro Launching in India at 12 Noon: Watch Live Stream
Twitter hack has profound national security implications as it's no longer unthinkable that someone takes over an account of a world leader to start nuclear war (Casey Newton/The Interface)
Casey Newton / The Interface:
Twitter hack has profound national security implications as it's no longer unthinkable that someone takes over an account of a world leader to start nuclear war — You can't say you didn't see it coming. — Whatever Twitter eventually comes to say about the events of July 15th, 2020 …
JEDEC, which sets mainstream RAM speed standards, releases its final spec for DDR5 SDRAM, with a 6.4 Gbps max data rate, and a 128 GB max UDIMM capacity (Ryan Smith/AnandTech)
Ryan Smith / AnandTech:
JEDEC, which sets mainstream RAM speed standards, releases its final spec for DDR5 SDRAM, with a 6.4 Gbps max data rate, and a 128 GB max UDIMM capacity — Marking an important milestone in computer memory development, today the JEDEC Solid State Technology Association is releasing …
Tuesday, July 14, 2020
Realme to Launch New Ultra Fast Charging Technology on July 16
Watch the Trailer for Lucifer Season 5
OnePlus Nord Design and Colour Options Revealed Ahead of Official Launch
Google Hit With Belgian Privacy Fine on 'Right to Be Forgotten' Issue
Spotify Expands to Russia and 12 Other Countries
Huawei to Be Purged From UK 5G Networks by End of 2027: PM Boris Johnson