An unprecedented hack impacting a number of Twitter’s most powerful users once again highlighted how much the platform is targeted by bad actors – and raised alarms among some security experts about how prepared the social network is to deal with that ongoing threat.
On Wednesday, the Twitter (TWTR) accounts of Joe Biden, Barack Obama, Jeff Bezos, Bill Gates, Elon Musk, and Apple, among others, were compromised and used to solicit Bitcoin donations as part of a broader scam. While the security incident was far larger than any other in Twitter (TWTR)’s history, it is certainly not the first time Twitter (TWTR)’s platform has been misused.
In 2019, Twitter CEO Jack Dorsey’s account tweeted a series of racist and otherwise offensive tweets after he appeared to be targeted through a vulnerability in a text-to-tweet feature. Earlier that year, two former employees were accused by the Justice Department of spying on behalf of Saudi Arabia. (At the time, Twitter said it “limits access” to sensitive account information to certain vetted employees.”) And fake Twitter accounts purporting to be Musk have also been used to peddle cryptocurrency scams in the past.
For years, Twitter has wielded a disproportionate amount of influence relative to its actual size. Platforms like Facebook, Instagram and YouTube dwarf Twitter’s user base, but Twitter has long been a go-to platform for politicians, executives, celebrities and journalists to make news and shape culture. It’s that influence, and the long list of big names actively on the platform, that may only lead to greater attention from hackers.
“If you’re able to compromise blue check mark users [verified accounts], that carries a lot of weight,” said Katie Moussouris, founder and CEO of Luta Security.
Some of these verified accounts, including many of the ones compromised on Wednesday, have millions of followers, the power to move markets and influence world events, making them incredibly valuable targets for hackers.
Because information on Twitter spreads so quickly, it also makes the service attractive to bad actors. “Twitter by nature is intended to be like a wire service,” said Douglas Schmidt, a professor at Vanderbilt University and cybersecurity expert. “Its reach is even greater in real time than Facebook’s.”
To make matters more complicated, Twitter has fewer resources than a company like Facebook, which has a market valuation more than 20 times greater than that of Twitter. As of the end of March, Twitter had more than 5,100 employees worldwide, while Facebook had 48,268 employees globally.
Much remains unknown about this week’s hack. In a tweet late Wednesday, Twitter’s support team said the company believes it was the result of “a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”
Other companies may have more sophisticated security systems in place, where no single person has access to sensitive information and accounts or controls without other checks and guardrails, Schmidt said.
Twitter did not immediately respond to a request for comment.
Trey Herr, director of the cyber statecraft initiative at the Atlantic Council, said the fact that some of Twitter’s employees were victims of a social engineering attack – a type of hacking that involves manipulating people into handing over private information – is a “bad sign” for the security of the platform.
“Good cybersecurity is so often getting the basics right over and over again: strong passwords, good multi-factor authentication … a willingness to test systems until they break to learn how to improve them, and more. It may be that Twitter has some work to do on this basic blocking and tackling,” he said.
If this latest security breach shows anything, it’s that bad actors will only continue to try to find ways to exploit the platform.