Talk about a sobering experience. Yesterday, as I (and about a million others) reported, somebody got hold of the Twitter accounts belonging to Bill G
[See the full post at: Krebs: Here’s how all of those Twitter accounts got hacked]
|
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
-
Krebs: Here’s how all of those Twitter accounts got hacked
- This topic has 13 replies, 9 voices, and was last updated 4 years, 10 months ago by
.
AuthorViewing 7 reply threadsAuthor-
I think it is a mistake for anyone in government anywhere at any level to use any social media account for anything. They do so only as a way to communicate directly with the public without having to rely on the media, mainstream or otherwise (newspapers, TV, etc.), circumventing traditional methods of disseminating governmental information. They should go back to issuing written press releases to the press corps and stop making them the enemy. Imagine if these hackers gained control of some head of state’s social media accounts and started issuing completely false statements regarding some other nation or its head of state. The consequences could easily involve injury or death to many innocent people. Do our government’s social media users have any concrete knowledge or inside information regarding the inherent security of these platforms? Apparently not. Even at a local level, a local official’s account could get taken over by hackers who then issued statements causing mass chaos and confusion regarding local utilities being turned off or water quality statements that were completely false. It’s a recipe for chaos and disaster.
4 users thanked author for this post.
-
The New York Times has an article this AM on the group that did the hacking.ย Fools and their Bitcoins are often parted.ย This further confirms for me that social media is uncontrollable (I have never had a Facebook or Twitter account and sleep better at night).
1 user thanked author for this post.
-
Simple solution: Never use nor care about Twitter. Problem solved, life simplified.
That someone smart enough to know how to get and transfer bitcoin would be foolish enough to send it to such an obvious scam is eye opening.
Solution 2: Never use nor care about bitcoin.
-Noel
-
Equifax got hacked – Capital One, HomeDept etc all got hacked on large scale – why would anyone think Twitter is immune to hacking.
People who sent their BTC to the criminals are the ultimate fools but they exist.
The MSM is spinning it as a bitcoin scam of course – I am a bitcoin user for years, never had an issue. Speed and cost of international transfers is unrivaled. Common sense security measures just like you protect your computers.
Never had a FB account, I am on twitter but I am not a celebrity and have nothing to sell so why use my real identity. I see people with their real names posting their family pics with small children. That’s asking for the creeps to make a move.
—
1 user thanked author for this post.
-
Noel Carboni:ย “That someone smart enough to know how to get and transfer bitcoin would be foolish enough to send it to such an obvious scam is eye opening.”
According to the article in question, the following have been on the receiving end and I don’t think that, whatever else we may think of each of them, none of them are fools, or (if companies) run by fools:
“Bill Gates, Elon Musk, Jeff Bezos, Apple, Kanye West, Mike Bloomberg, Barack Obama, Joe Biden, Uber, Warren Buffet”
But none of them probably handle things like bitcoin payments in person. As they all can well afford it, probably have gofers that do it for them.
Now, for those of us that have to take care of our things ourselves, the best way to keep out of trouble is not to seek it in the first place. So, the same as Noel, I keep well away from things such as Twitter, Facebook, etc. that are inessential to my real needs (besides, from what I’ve seen, also likely to annoy me), but require sharing personal information in order to open accounts there. It is already too bad that, in order to self-isolate, these days, I’ve had to open a number of accounts to buy things online that, normally, I would drive somewhere, park the car, walk into a shop and buy them there and then while sharing only greenbacks or using my bank issued credit card with a “smart” chip, knowing that shops are not allowed to keep any information they get from it once the payment has been approved. As to online accounts, I can cancel them when I don’t need them anymore, but the information I’ve been asked to give when opening them is not guaranteed to disappear from those companies servers once they are closed. Some of that information, such as an email, I could change as a precaution, others, such as credit card numbers, phone numbers, etc.: not so much.
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV1 user thanked author for this post.
-
Hello @Oscar-
the following have been on the receiving end
The people who’s accounts you list had their Twitter accounts accessed, in order for the bad guys to impersonate them in Twitter Posts requesting BitCoin. Their Twitter accounts were compromised, but they did not send or receive any BitCoin. Their bank accounts, or BitCoin accounts were untouched… and were probably unaware of having their accounts compromised until notified by Twitter, or coming across other reports of the compromise.
The people who were relieved of their BitCoin were those that sent it, thinking this was actually from the Twitter account holder, and a legitimate request… and those are the people that Noel Carboni is referring to, in saying:
That someone smart enough to know how to get and transfer bitcoin would be foolish enough to send it to such an obvious scam is eye opening.
The bad guys provided were the recipients of the Bitcoin sent by the defrauded Twitter followers… and they are the ones who are now enriched (sadly).
Non-techy Win 10 Pro and Linux Mint experimenter
-
Elly, You are quite right. My mistake.
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV1 user thanked author for this post.
-
-
-
-
Anonymous, Well, as I might have mentioned, I never used Twitter, so I wrote that sentence out of ignorance. Thanks for clarifying the point. But at social network sites showing up with what looked like interesting hits when doing searches for some particular information, I have been asked to register if I wanted to read whatever it was and, going through the motions to see what personal data was requested to open an account there, I was usually asked for more than my email address and picking a username. So, unless I really need to have access to some online service that requires registration, I am happy to have nothing to do with it.
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV1 user thanked author for this post.
-
Twitter only requires a username and email address, which is less personal information than required to register for AskWoody.
Twitter only requires a username and email address, which is
lessexactly the personal information [than] required to register for AskWoody.
1 user thanked author for this post.
-
Twitter : What the attackers accessed
The attackers successfully manipulated a small number of employees and used their credentials to access Twitterโs internal systems, including getting through our two-factor protections
For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets.
For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the accountโs information through our โYour Twitter Dataโ tool.https://blog.twitter.com/en_us/topics/company/2020/an-update-on-our-security-incident.html
1 user thanked author for this post.
Viewing 7 reply threads - This topic has 13 replies, 9 voices, and was last updated 4 years, 10 months ago by
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
Sometimes I wonder about these bots
by 2 hours, 26 minutes ago
-
Does windows update component store “self heal”?
by 8 hours, 31 minutes ago
-
Windows 11 Insider Preview build 27858 released to Canary
by 9 hours, 31 minutes ago
-
Pwn2Own Berlin 2025: Day One Results
by 8 hours, 56 minutes ago
-
Windows 10 might repeatedly display the BitLocker recovery screen at startup
by 5 hours, 26 minutes ago
-
Windows 11 Insider Preview Build 22631.5409 (23H2) released to Release Preview
by 12 hours, 13 minutes ago
-
Windows 10 Build 19045.5912 (22H2) to Release Preview Channel
by 12 hours, 14 minutes ago
-
Kevin Beaumont on Microsoft Recall
by 48 minutes ago
-
The Surface Laptop Studio 2 is no longer being manufactured
by 20 hours, 22 minutes ago
-
0Patch, where to begin
by 14 hours, 24 minutes ago
-
CFPB Quietly Kills Rule to Shield Americans From Data Brokers
by 1 day, 9 hours ago
-
89 million Steam account details just got leaked,
by 21 hours, 45 minutes ago
-
KB5058405: Linux – Windows dual boot SBAT bug, resolved with May 2025 update
by 1 day, 18 hours ago
-
A Validation (were one needed) of Prudent Patching
by 1 day, 9 hours ago
-
Master Patch Listing for May 13, 2025
by 20 hours, 39 minutes ago
-
Installer program can’t read my registry
by 3 hours, 19 minutes ago
-
How to keep Outlook (new) in off position for Windows 11
by 1 day, 7 hours ago
-
Intel : CVE-2024-45332, CVE-2024-43420, CVE-2025-20623
by 1 day, 14 hours ago
-
False error message from eMClient
by 2 days, 5 hours ago
-
Awoke to a rebooted Mac (crashed?)
by 2 days, 14 hours ago
-
Office 2021 Perpetual for Mac
by 2 days, 15 hours ago
-
AutoSave is for Microsoft, not for you
by 2 hours, 35 minutes ago
-
Difface : Reconstruction of 3D Human Facial Images from DNA Sequence
by 2 days, 19 hours ago
-
Seven things we learned from WhatsApp vs. NSO Group spyware lawsuit
by 2 hours, 54 minutes ago
-
Outdated Laptop
by 3 days ago
-
Updating Keepass2Android
by 3 days, 6 hours ago
-
Another big Microsoft layoff
by 3 days, 6 hours ago
-
PowerShell to detect NPU – Testers Needed
by 8 hours, 8 minutes ago
-
May 2025 updates are out
by 9 hours, 49 minutes ago
-
Windows 11 Insider Preview build 26200.5600 released to DEV
by 3 days, 12 hours ago
Remembering Woody
