A hacker allegedly behind a wave of Twitter Wednesday's account hacks gained access to a Twitter "admin" tool on the corporate network that allowed them to hijack high-profile Twitter accounts to spread a cryptocurrency scam, according to a person with direct knowledge of the incident.
Account hijackings have affected some of the most prominent users on the social media platform, including major cryptocurrency sites, but have also kidnapped several celebrity accounts, notably Bill Gates, Jeff Bezos, Elon Musk and promising Democratic President Joe Biden. .
Vice yesterday Wednesday reported the details of the Twitter administration tool.
A Twitter spokesman, once reached, did not comment on the claims. Twitter later confirmed in a series of tweets that the attack was caused by "a coordinated social engineering attack by people who targeted some of our employees with access to internal systems and tools."
A person involved in the underground hacking scene told ProWellTech that a hacker, who uses the "Kirk" handle - probably not their real name - generated over $ 100,000 in a matter of hours by gaining access to an internal Twitter tool, they used to take control of popular Twitter accounts. The hacker used the tool to reset the associated email addresses of the affected accounts to make it more difficult for the owner to regain control. The hacker then pushed a cryptocurrency scam that claimed that any money sent by a victim "will be sent back doubled".
The person told ProWellTech that Kirk had started by selling access to Twitter vanity accounts, as usernames that are short, simple and recognizable. It's big business, if not yet illegal. A stolen username or social media manager can go anywhere between a few hundred dollars or thousands.
Kirk is said to have contacted a "trusted" member on OGUsers, a popular forum among hacked social media handle traders. Kirk needed the trusted member to help sell stolen vanity usernames.
In several screenshots of a Discord chat shared with ProWellTech, Kirk said, "Send me @ and BTC", referring to Twitter username and cryptocurrency. "And I'll do your shit," he said, referring to the hijacking of Twitter accounts.
But then later in the day, Kirk "started hacking everything," the person told ProWellTech.
Kirk allegedly had access to an internal tool on the Twitter network, which allowed them to effectively take control of a user's account. A screenshot shared with ProWellTech shows the apparent administration tool. (Twitter removes tweets and suspends users who share screenshots of the tool.)
The tool appears to allow users - apparently Twitter employees - to control access to a user's account, including changing the email associated with the account and even completely suspending the user. (We have compiled the details from the screenshot, as it appears to represent a real user.)
The person did not say exactly how Kirk had access to Twitter's internal tools, but speculated that a Twitter employee's corporate account had been hijacked. With a hijacked employee account, Kirk could make his way into the company's internal network. The person also said that a Twitter employee was unlikely to be involved in the acquisition of the account.
As part of their hacking campaign, Kirk first targeted @binance, the person said, then quickly moved to popular cryptocurrency accounts. The person said Kirk made more money in an hour than selling usernames.
To gain control of the platform, Twitter briefly suspended some account actions - as well as preventing verified users from tweeting - in an obvious attempt to stem account hijacking. Twitter later tweeted "it was working to get things back to normal as quickly as possible."
