WASHINGTON: The official Twitter accounts of Apple, Elon Musk, Jeff Bezos and others were hijacked on Wednesday (Jul 15) by scammers trying to dupe people into sending the cryptocurrency bitcoin, in a massive hack of the social media platform.
The list of accounts commandeered simultaneously grew rapidly to include Joe Biden, Barack Obama, Uber, Microsoft co-founder Bill Gates, reality television show star Kim Kardashian and rapper Kanye West, among many others.
Posts, which were largely deleted, were fired off from the array of high-profile accounts telling people they had 30 minutes to send US$1,000 in bitcoin in order to be sent back twice as much.
Twitter said employees with access to its internal systems had been successfully targeted by hackers who "used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf".
"We're looking into what other malicious activity they may have conducted or information they may have accessed and will share more ... as we have it," the company said.
Twitter took the extraordinary step of preventing at least some verified accounts from publishing messages altogether for several hours. It said it would restore access only when it was certain it could do so securely.
"Most accounts should be able to Tweet again," the Twitter support team said in an update of the situation.
"As we continue working on a fix, this functionality may come and go. We're working to get things back to normal as quickly as possible."
Chief executive Jack Dorsey earlier said the company was diagnosing the problem and pledged to share "everything we can when we have a more complete understanding of exactly what happened".
"Tough day for us at Twitter. We all feel terrible this happened," he said in a tweet.
The site Blockchain.com, which monitors transactions made in cryptocurrencies, said a total of 12.58 bitcoins, worth almost US$116,000, had been sent to the email addresses mentioned in the fraudulent tweets.
"This is a SCAM, DO NOT participate!" Gemini cryptocurrency exchange co-founder Cameron Winklevoss warned in a tweet from his official account at Twitter.
"This is the same attack/takeover that other major crypto twitter accounts are experiencing. Be vigilant!"
A version of the scam invited people to click on a link at which they would be exploited.
"All major crypto Twitter accounts have been compromised," Winklevoss warned in a tweet.
It was not clear whether all verified users were affected but, if so, it would have a huge impact on the platform and its users. Verified users include celebrities and journalists, but also governments, politicians and heads of state.
The unusual scope of the problem suggested that it was not limited to a single account or service. While account compromises are not unusual, experts were surprised at the sheer scale and coordination of Wednesday's incident.
"This appears to be the worst hack of a major social media platform yet," said Dmitri Alperovitch, who co-founded cybersecurity company CrowdStrike.
Shares in the social media company tumbled almost 5 per cent in trading after the market close before paring their losses.
In the hours after the initial breach, some of the platform's biggest users appeared to be struggling to re-establish control of their Twitter accounts. In the case of Tesla's billionaire Musk, for example, one tweet soliciting cryptocurrency was removed and, some time later, another one appeared, and then a third.
The corporate accounts for Uber and Apple were also affected as were some accounts of cryptocurrency-focused organisations.
Biden's campaign was "in touch" with Twitter, according to a person familiar with the matter. The person said the company had locked down the Democrat's account "immediately following the breach and removed the related tweet". Tesla and other affected companies were not immediately available for comment.
Some experts said the incident has raised questions about Twitter's cybersecurity.
"It's clear the company is not doing enough to protect itself," said Oren Falkowitz, former CEO of Area 1 Security.
Alperovitch, who now chairs the Silverado Policy Accelerator, said that, in a way, the public had dodged a bullet so far.
"We are lucky that given the power of sending out tweets from the accounts of many famous people, the only thing that the hackers have done is scammed about US$110,000 in bitcoins from about 300 people," he said.