Cyber Stories: The Great Twitter Money Heist





Cybersecurity is a major issue which has grown even more critical in recent months as organizations have had to adapt their business to remote operations as a consequence of the global pandemic. Following this shift, the world has seen a dramatic rise in the number of data breaches, as cybercriminals try to take advantage of the new normal.

According to Security Boulevard, nearly 16 billion records were exposed this year. That represents a 273% increase in comparison with the first half of 2019 alone, which recorded *just* 4.1 billion exposed records. And this does not come cheap either, as a report from IBM and the Ponemon Institute showed that the average cost of a data breach in 2020 is $3.86 million.

One organization that knows those costs only too well is social media platform Twitter, which fell victim to the ‘Great Twitter Money Heist’ earlier this year.

What was The Great Twitter Money Heist?

The Great Twitter Money Heist was a cyber attack on famous US personalities’ Twitter accounts which took place back in July 2020.

With just a few simple emails, a group of young men in their twenties tricked a number of unsuspecting Twitter employees into giving away confidential information, granting them access to some of the platform’s most influential accounts.

So, what went wrong?

You’d be forgiven for thinking that the security measures surrounding the likes of Barack Obama, Elon Musk and Joe Biden’s Twitter accounts were the digital equivalent of Fort Knox. These are fairly important men after all. Surprisingly, all it took for a group of twenty-somethings to hack their Twitter accounts was a few carefully written emails and a simple spear-phishing attack.

As the name suggests, spear-phishing is the practice of using electronic communications (typically emails) to scam a specific individual, organization or business into giving out confidential data. By sending out communications that look like they are from a trustworthy source, hackers can con their targets into dishing out the information they require or even direct them towards web pages full of malware.

In this particular spear-phishing attack, emails that appeared to be from a trusted entity were sent to Twitter employees' accounts, tricking them into giving away confidential information.

What was the impact of the attack?

Once the hackers gained access to these private accounts, they tweeted to thousands of followers with a typical Bitcoin scam, which coaxes users into sending money to an account on the promise that their investment will be doubled. The attackers managed to swindle $121,000 in Bitcoin through nearly 300 transactions before Twitter removed the tweets.

How could it have been prevented?

The Great Twitter Money Heist demonstrated that, no matter how many complex cybersecurity systems you have set up at your organization, phishing attacks can be an extremely effective way for hackers to gain sensitive information.

To counter this, every single one of your employees should be trained to recognise potential phishing attacks and respond accordingly when they encounter one. Such skills have become especially pertinent in recent months, as local lockdowns have left employees more vulnerable to phishing attacks while working from home.

How can you stop it from happening to your business?

Businesses and organizations can take extra security measures to combat these threats by employing effective cybersecurity training throughout their companies. At Airnow Cybersecurity, we offer Security Awareness training programmes that are designed to test how well you know your cyber threats, providing you with a painless introduction into the world of cybersecurity.

On top of that, our Incident Response sessions confront your organization with a range of live scenarios throughout a half-day workshop in order to test how well you can respond to cyber threats when the pressure is truly on. These sessions are not only a great opportunity to assess the strengths of ‘first responders’ at your organization, such as IT teams and support staff; they're also designed to highlight the important role every person within your organization has to play in the event of a cyber attack.

For more information on how to make your business cyber secure, please check out the many services we offer at Airnow Cybersecurity and do not hesitate to talk to one of our helpful staff members.