Hackers accessed Twitter’s internal systems to hijack some of the platform’s top voices, Kanye West, Apple, Barack Obama, Mike Bloomberg, Joe Biden, Uber, Jeff Bezos, Elon Musk, and Bill Gates, to spread a cryptocurrency scam.
Twitter says employees with access to its internal systems had been successfully targeted by hackers who “used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf.”
“We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it,” the company said on Wednesday (local time).
Twitter temporarily took the extraordinary step of preventing at least some verified accounts from publishing messages altogether for several hours. It said it would restore access only when it was certain it could do so securely.
Publicly available blockchain records show the apparent scammers received more than $US100,000 ($A143,000) worth of cryptocurrency.
The social media giant took the extraordinary step of preventing at least some verified accounts from publishing messages altogether.
It is not clear whether all verified users were affected but, if so, it would have a huge impact on the platform and its users.
Twitter CEO Jack Dorsey earlier said the company was diagnosing the problem and pledged to share “everything we can when we have a more complete understanding of exactly what happened”.
The offending tweets have since been deleted. Mr Dorsey tweeted his disappointment at the incident, acknowledging it had been “a tough day” for the company.
The scam involved a promise that users would double their money if they sent Bitcoin to a specific account.
Shares in the social media company tumbled almost 5 per cent in trading after the market close before clawing back some of their losses.
The hacked tweet from Mr Bloomberg’s personal account, for example, said, “I am giving back to the community” and asked users to send $US1000 ($A1424) in Bitcoin to receive $US2000 back, with a link to send payments.
Some of the tweets were swiftly deleted but there appeared to be a struggle to regain control of the accounts.
In the case of billionaire Tesla chief executive Elon Musk, for example, one tweet soliciting cryptocurrency was removed and, some time later, another one appeared, and then a third.
According to CNBC, the hackers’ message that was tweeted via Mr Gates’ account read “Everyone is asking me to give back, and now is the time. I am doubling all payments sent to my BTC address for the next 30 minutes. You send $1000, I send you back $2000.”
It’s not clear how the account hacks happened. Attackers appear to have fully taken over the victims’ accounts, and also changed the email address associated with the account to make it harder for the real user to regain access.
A Bitcoin account linked to from the hacked tweets had received more than $US100,000 at the current exchange rate, according to Blockchain.com.
However, observers have said scammers sometimes seed their own accounts to appear legitimate.
Several experts said the incident raised questions about Twitter’s cybersecurity.
“It’s clear the company is not doing enough to protect itself,” said Oren Falkowitz, former CEO of Area 1 Security.
Dimitri Alperovitch, who now chairs the Silverado Policy Accelerator, said that, in a way, the public had dodged a bullet so far.
“We are lucky that given the power of sending out tweets from the accounts of many famous people, the only thing that the hackers have done is scammed about $110,000 in bitcoins from about 300 people,” he said.