Twitter Responds to CryptoForHealth Phishing Campaign; Investigation Ongoing
Twitter has attempted to stop an ongoing attack by locking down high-status accounts.
- Twitter has locked down verified or "blue check" accounts to prevent a phisher from accessing those accounts.
- The CryptoForHealth phishing campaign has earned $120,000 of Bitcoin in just a few hours.
- General users can continue to use Twitter as normal.
Share this article
Twitter has responded to an ongoing phishing campaign that has compromised dozens of verified user accounts.
We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.
— Twitter Support (@TwitterSupport) July 15, 2020
Verified Accounts on Twitter Locked
According to Twitter, some users will not be able to tweet or reset their passwords while Twitter resolves the issue.
It appears that this course of action only affects verified “blue check” users such as celebrities, journalists, politicians, and corporations. Some users’ reports suggest that verified accounts can publish scheduled tweets and retweet other users’ tweets, but cannot post new content.
The restrictions do not seem to apply to general users, who have continued to post throughout the phishing campaign.
Twitter’s accounts have not been compromised during the attack, despite photoshopped screenshots suggesting otherwise. However, Square’s Cash App, which has close ties to the social media platform through founder Jack Dorsey, was briefly compromised.
Attack Isn’t Over Yet
Twitter’s restrictions have not stopped the attacker. As of 12:30 UTC, the hacker’s Bitcoin account is still receiving crypto and has accumulated a balance of 12.8 BTC ($118,000).
The attacker may be running phishing campaigns on platforms outside of the social media site as well.
Two hours ago, Twitter wrote to confirm that a social engineering attack had targeted employees. They have reportedly locked affected accounts, removed tweets posted by the attackers, and have “taken significant steps to limit access to internal systems and tools while our investigation is ongoing.”
Our investigation is still ongoing but here’s what we know so far:
— Twitter Support (@TwitterSupport) July 16, 2020
As the investigation unfolds, Crypto Briefing will continue to provide updates on the matter.