Could Twitter Bitcoin Hack Have Been Prevented? Twitter Faces Heat From SEC

Shine Li, Jul 29, 2020 16:38 UTC 08:38

There is ongoing speculation that the massive Bitcoin hack that overtook Twitter on July 15 could have been prevented had Twitter CEO Jack Dorsey and his multi-billion-dollar social networking company taken matters into their own hands and addressed the security concerns outlined by the Securities and Exchange Commission (SEC) in 2015.

SEC Warns Twitter About Security Breaches

In Twitter’s 2015 10-K annual report, the SEC had warned that an attack could follow if the security concerns were not addressed and fixed by Dorsey and co. Under the report’s “Risk Factors” section, it read:

“Our security measures may also be breached due to employee error, malfeasance, or otherwise. Additionally, outside parties may attempt to fraudulently induce employees, users or advertisers to disclose sensitive information in order to gain access to our data or our users’ or advertisers’ data or accounts, or may otherwise obtain access to such data or accounts.” 

Twitter Employees Get The Inside Scoop 

In the past, many of Twitter Inc.’s employees and contractors have had privileged access to the confidential, internal side of the social networking company.

Many possessed admin credentials that enabled them to bypass the security parameters set by Twitter. Consequently, Twitter employees were able to reset Twitter users’ accounts and override their security settings, a problem that CEO Jack Dorsey and his board of directors were warned about multiple times.

Former Employees Confirm Twitter Breaches 

Former employees of Twitter have spoken up on the matter and confirmed the security concerns. They have said that over 1,500 workers at Twitter Inc. can reset user accounts, review user breaches and respond to potential content violations for the social platform’s 186 million daily users.

Though the breadth of personal data most of these workers could access is still relatively limited, this level of access is usually the starting point for anyone wishing to snoop on or hijack an account.

Following Beyonce's Twitter Trail

Two former employees came forward and said that at some point in 2017-2018, the security controls were so porous that contractors would make “a kind of game out of creating bogus help-desk inquiries that allowed them to peek into celebrity accounts, including Beyonce’s, to track the stars’ personal data including their approximate locations gleaned from their devices’ IP addresses.” 


CEO Dorsey Shoots Himself In The Foot

To make matters worse, when commenting on the massive Bitcoin hack that took over Twitter a few weeks ago, CEO Jack Dorsey and his team said that the huge security breach may have been an inside job, and that an employee might have enabled the Bitcoin cybercriminals to gain access to Twitter’s high-security internal admin tools.

This was one of the hypotheses that could explain the successful hack, in which Bitcoin scam artists took control of verified celebrity accounts, including but not limited to those of Elon Musk, Kanye West, Bill Gates, Barack Obama, Kim Kardashian, Wiz Khalifa, Joe Biden, Warren Buffett, Jeff Bezos and Mike Bloomberg, among many others.

Twitter has said that this might be the biggest hack it has experienced in its history. In a report issued on its platform to appease Twitter users, the company said:

“We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools. We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf.” 

Binance, Kraken, Gemini, Coinbase Also Involved

The Bitcoin heist generated a sum of more than $100,000 worth of Bitcoin. The accounts of high-profile coin exchanges were also compromised. Speaking up about the Twitter mass attack, Kraken CEO Jesse Powell wrote:

“This hack shows that security is about layers of protection. Somebody has to be watching the admins and setting up alerts to watch for these vulnerabilities.”
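The kind of alerting Powell describes, as an added example that is not from the article or from Twitter: a check over a constructed admin-tool audit log that flags access to high-profile accounts, or sensitive actions such as account resets, unless an independently opened help-desk ticket for that same account exists. This is the control that the bogus-help-desk-inquiry “game” described above would have tripped. The account names, ticket ids and log format are all constructed.

```python
# Constructed admin-tool audit log (sample data, not real Twitter records).
# Fields: timestamp actor role action target_account ticket_id ("-" = none)
AUDIT_LOG = """\
2020-07-10T09:12:03Z alice employee   view_profile  @megastar  TKT-1001
2020-07-10T09:15:41Z bob   contractor view_profile  @megastar  TKT-1002
2020-07-10T09:16:10Z bob   contractor view_ip       @megastar  TKT-1002
2020-07-10T10:02:55Z carol contractor reset_account @user123   TKT-1003
2020-07-10T10:09:30Z carol contractor view_ip       @megastar  TKT-1003
2020-07-10T10:30:00Z bob   contractor view_ip       @popsinger -
2020-07-10T11:00:00Z dave  employee   reset_account @user555   TKT-1004
"""

# Constructed help-desk registry: ticket id -> (opened_by, account the ticket is about)
TICKETS = {
    "TKT-1001": ("support-intake", "@megastar"),
    "TKT-1002": ("bob", "@megastar"),  # opened by the same contractor who later used it
    "TKT-1003": ("support-intake", "@user123"),
    "TKT-1004": ("support-intake", "@user555"),
}

PROTECTED_ACCOUNTS = {"@megastar", "@popsinger"}  # high-profile / verified accounts
SENSITIVE_ACTIONS = {"view_ip", "reset_account", "override_2fa"}


def parse_log(text):
    """Yield (actor, action, target, ticket) for each non-empty audit line."""
    for line in text.splitlines():
        if line.strip():
            _ts, actor, _role, action, target, ticket = line.split()
            yield actor, action, target, ticket


def find_suspicious(log_text, tickets, protected, sensitive):
    """Return (actor, target, reason) for every sensitive or high-profile access
    that lacks a legitimate, independently opened help-desk ticket."""
    alerts = []
    for actor, action, target, ticket in parse_log(log_text):
        if target not in protected and action not in sensitive:
            continue  # routine action on an ordinary account: no ticket check
        if ticket not in tickets:
            alerts.append((actor, target, "no valid ticket"))
            continue
        opened_by, subject = tickets[ticket]
        if opened_by == actor:
            alerts.append((actor, target, "ticket opened by the same actor"))
        elif subject != target:
            alerts.append((actor, target, "ticket is for a different account"))
    return alerts
```

Run against the sample, the check raises four alerts: bob's two self-ticketed lookups of @megastar, carol's reuse of a ticket about a different account, and bob's ticketless IP lookup on @popsinger; alice's and dave's ticketed actions pass.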

Twitter Works on Tracking Down Offenders

Investigations are still ongoing at the time of writing to uncover the identities of the Bitcoin thieves.

Twitter’s CEO has said that the company will post updates regarding the investigation, as the social networking company is working in collaboration with law enforcement to track down the cyber culprits.


Image source: Shutterstock