A US teen has hacked the Twitter accounts of prominent politicians, celebrities and technology moguls to scam people around the globe out of more than $US100,000 ($A140,000) in Bitcoin, authorities say.
A prosecutor identified the teenager as Graham Clark from the city of Tampa, charging him as an adult with 30 felony charges
“He’s a 17-year-old kid who just graduated from high school,” said Florida State Attorney Andrew Warren in Hillsborough County, which includes Tampa.
“But make no mistake: This was not an ordinary 17-year-old.”
Mason Sheppard, 19, from Bognor Regis in Britain, who used the alias Chaewon, was also charged with wire fraud and money laundering while Orlando-based Nima Fazeli, 22, nicknamed Rolex, was accused of aiding and abetting the crimes, according to a Justice Department statement.
The hacks led to bogus tweets being sent out on July 15 from the accounts of Barack Obama, Joe Biden, Mike Bloomberg and a number of tech billionaires.
They included Amazon chief executive Jeff Bezos, Microsoft co-founder Bill Gates and Tesla chief executive Elon Musk.
Celebrities Kanye West and his wife Kim Kardashian West were also hacked.
The tweets offered to send $US2000 ($A2800) for every $US1000 ($A1400) sent to an anonymous Bitcoin address.
Twitter previously said hackers used the phone to fool the social media company’s employees into giving them access.
It said they targeted “a small number of employees through a phone spear-phishing attack”.
“This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems,” the company tweeted.
After stealing employee credentials and getting into Twitter’s systems, the hackers were able to target other employees who had access to account support tools, the company said.
The hackers targeted 130 accounts. They managed to tweet from 45 accounts, access the direct message inboxes of 36, and download the Twitter data from seven.
Dutch anti-Islam lawmaker Geert Wilders has said his inbox was among those accessed.
Spear-phishing is a more targeted version of phishing, an impersonation scam that uses email or other electronic communications to deceive recipients into handing over sensitive information.
Twitter said it would provide a more detailed report later “given the ongoing law enforcement investigation”.
The company has previously said the incident was a “co-ordinated social engineering attack” that targeted some of its employees with access to internal systems and tools.
It didn’t provide any more information about how the attack was carried out, but the details released so far suggest the hackers started by using the old-fashioned method of talking their way past security.