The Twitter Hack Fiasco: Compromised Internal Tool, Paid Insiders, Direct Message Fears

On Wednesday, a large number of Twitter accounts were compromised and the hackers used the accounts to tweet about a bitcoin doubling scam. According to multiple reports, a Twitter employee was paid to give the hackers an internal tool that let them leverage high-profile social media accounts.

It was a crazy day in the world of cryptocurrencies, as a massive number of high-profile people and organizations like Bill Gates, Apple, Uber, Barack Obama, Elon Musk, Jeff Bezos, Joe Biden, and many others had their Twitter accounts hijacked. After the incident, a number of armchair sleuths and investigative journalists uncovered a wealth of information about the Twitter issue.

The popular columnist Joseph Cox detailed that he obtained “leaked screenshots” of an internal tool that was used by the hackers. According to the report, Cox says that one of his anonymous sources revealed that the culprits “paid [a] Twitter insider.” He also mentioned that Twitter was still investigating whether or not the employee leveraged the tool or merely allowed others to use it.

The Twitter Hack Fiasco: Compromised Internal Tool, Paid Insiders, Direct Message Fears
A tweet from the breached Joe Biden account after it was compromised by the hackers. The scammers used a common bitcoin doubler scheme in order to convince people to send bitcoin.

On Twitter, the Block Crypto analyst Larry Cermak’s recent Twitter thread gives a comprehensive look at the incident as well. Cermak says that it “all started at 2:16 PM ET with a known crypto account @Angelobtc asking for payment to join a fake telegram paid group.”

“The takeaway is that the hacker started with large crypto accounts and stuck to only a few formats and addresses,” Cermak continued. “The hacker then moved to non-crypto celebrities two hours after the first hack. They only used three BTC addresses. What I will say is that it’s totally unacceptable that it took Twitter to act as long as it did. At 4:17 PM ET it was absolutely clear to anyone that was paying attention that Twitter is compromised. It took Twitter 2 hours (at 6:05 PM ET) to start acting.”

Another finding stemming from Joseph Cox explains that U.S. Senator Ron Wyden complained to Twitter about using end-to-encryption (e2e) for direct messages two years ago, and the firm never acted upon the idea.

“In September of 2018, shortly before he testified before the Senate Intelligence Committee, I met privately with Twitter’s CEO Jack Dorsey,” Wyden tweeted. “During that conversation, Mr. Dorsey told me the company was working on end-to-end encrypted direct messages.” The Senator continued:

It’s been nearly two years since our meeting, and Twitter DMs are still not encrypted, leaving them vulnerable to employees who abuse their internal access to the company’s systems, and hackers who gain unauthorized access.

Many people are concerned about the direct message access, as any person who was hacked in the incident may have had their chat logs scraped. The organization Fight for the Future tweeted a petition to the masses in order to convince Twitter CEO J