Twitter's massive hack and the poor response from the company
posted Saturday Jul 18, 2020 by Scott Ertz
Twitter's public perception has been dropping rapidly over the past few months, with many users abandoning the platform for alternatives. But it took its biggest hit this week when a collection of high-profile accounts tweeted nearly identical Bitcoin scam posts. The affected accounts included Barack Obama, Joe Biden, Elon Musk, Jeff Bezos, Bill Gates, and more. In total, 130 accounts were affected, of which 45 were fully hijacked. The hack generated at least $120k for the hackers.
While the hack itself was newsworthy, the real story was in the way it happened and how the company responded. While the incident was happening, the company and its CEO Jack Dorsey were surprisingly quiet. It was hours after the incident became news before Dorsey addressed it in any way. This has led people to wonder just how involved in the company the CEO actually is. The company itself was equally absent in the early hours of the hack.
While no public interaction was happening, private interaction was also quiet. This was surprising, as the company was making some big changes to the way verified accounts worked. In fact, it was making them not work. For many high-profile users, the ability to tweet and access private messages was completely disabled. This was obviously done in an attempt to stop the spread of the scam, but without explanation, it left those users confused and concerned about the safety of their own accounts. Some even created new accounts to let their fans know they were unable to tweet.
However, no information of value came from the company for days. In fact, the first real information came in a blog post 3 days after the hack. The post explained that the hackers used sophisticated social engineering tactics to obtain employees' credentials. Social engineering involves creating scenarios wherein those being targeted believe you are part of their circle. For some great examples, check out the song Social Engineering by nerdcore rapper ytcracker.
Once the hackers had the employees' credentials, they used them to access tools intended specifically for employees. Through those tools, they were able to access the affected accounts and post the scam tweets. While the company was trying to fix the problem, each time it reclaimed access to an account, that access would be lost again within minutes. That is what led to the shutdown of verified accounts.
As of now, the assault seems to be over, but not all functionality has been restored for all users.