Twitter Breach: The Aftermath and Lessons Learned

Malicious Memes Found Spreading on Twitter

Many high-profile Twitter accounts including Bill Gates, Barack Obama, Elon Musk, Kim Kardashian were hacked this past July. This attack is considered as one of the biggest social media cyber-attack in history. Attackers gained control of accounts like Jeff Bezos and tweeted the following:


“I have decided to give back to my community.

All Bitcoin sent to my address below will be sent back doubled. I am only doing a maximum of $50,000,000.”


All tweets sent out by the malicious actors was similar to the tweet above. It was reported that around a thousand Twitter users fell for the scam and the cyber criminals successfully reached out to 350 million users with the help of Twitter’s internal system. Twitter users sent almost $120,000 worth of bitcoin.

According to the social media giant, the cyberattack was a “coordinated” social engineering that targeted specific Twitter employees with access to internal tools and systems. The profile of the hacker is someone who has specialized in hijacking social media accounts via “Sim Swapping”. The Sim Swapping involves bribing or hacking employees at social media companies into providing access to the target’s account. Furthermore, the hacker also reset associated email addresses for account holders to make it more difficult to regain control. Once the hacker gets access to the account and changes the associated emails, it does not send any information or notices to the user about the change or any update in the Twitter account. As the hacker could easily turn off the 2FA. Therefore, the main motive of the hacker is to gain financial profits.  


LIFARS’ Cyber Resilience and Response Subscription Program provides the manpower and expertise to immediately respond and remediate to cyber incidents and breaches, in addition to providing a full array of services to increase your company’s cyber resiliency.

How to prevent a cyber-attack in the future?  

The investigation is still going on and social media is not sure if it was the insider threat. However, it gives other social media to be more alert and Twitter to prevent the attack in the future. The weakest link in the cybersecurity chain is the user and therefore, the antivirus or any event monitoring cannot detect human behavior. To prevent the attack in the future, employee security awareness and education program should be performed regularly.

Protecting your organization from insider threats, a strict access control policy should be developed and executed. Before hiring anyone at the company, strict background checks and strong referral should be done. For every social media, it is very important to send any notifications or emails to the authorized users’ email. Moreover, cybersecurity is very important and the company can protect from the attackers if only every department of the company works together and practice good cybersecurity.