News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon

Daily Archives: July 17, 2020

  • Krebs: Here’s how all of those Twitter accounts got hacked

    Posted on July 17th, 2020 at 09:36 woody Comment on the AskWoody Lounge

    Talk about a sobering experience. Yesterday, as I (and about a million others) reported, somebody got hold of the Twitter accounts belonging to Bill Gates, Elon Musk, Jeff Bezos, Apple, Kanye West, Mike Bloomberg, Barack Obama, Joe Biden, Uber, Warren Buffet, and many others. The miscreant started sending out messages asking folks to send them $1,000 in Bitcoin – promising that the luminary would return $2,000.

    Brian Krebs tracked down the perp — more accurately, perps — and it makes a fascinating story:

    “The way the attack worked was that within Twitter’s admin tools, apparently you can update the email address of any Twitter user, and it does this without sending any kind of notification to the user,” Lucky told KrebsOnSecurity. “So [the attackers] could avoid detection by updating the email address on the account first, and then turning off 2FA.”

    This Twitter hack could have let the attackers view the direct messages of anyone on Twitter, information that is difficult to put a price on but which nevertheless would be of great interest to a variety of parties, from nation states to corporate spies and blackmailers.

    There were multiple people involved in the Twitter heist.

    In short, if you use mobile phone SMS to verify a log on to an account, you could get slammed. Normal people don’t have to worry about it yet. But high-profile accounts are definitely in the crosshairs, and it’s probably just a matter of time before SMS-based hijacking becomes more pedestrian.