Google, Target Hit by Twitter Bitcoin Scam Account Hacks
Google and Target, the U.S retail giant, were hit recently by the ongoing Twitter bitcoin scam account hacks.
It was seen that the official Twitter accounts of Google and Target carried posts about bitcoin giveaways, which indicated that the accounts were hacked. The hack was later confirmed.
The official G Suite Twitter account displayed to hundreds of thousands of viewers the message that Google is giving 10,000 Bitcoin (BTC) to all community and that users could make payments in G Suite using cryptocurrency. It has not been confirmed as to how long the tweet remained on the G Suite Twitter account, but it reportedly was there for at least over 11 minutes.
A similar tweet linking to a malicious Bitcoin giveaway appeared on Target’s official Twitter account too and reportedly remained there for about half an hour.
Thus, Google and Target have joined the long list of the victims of the Twitter Bitcoin Scam Account Hacks; the list included numerous other retail giants, government accounts and politicians.
It was earlier suspected that Twitter had suffered a security compromise; hacking Twitter accounts is nothing new. But later, Twitter reportedly confirmed the involvement of third-party marketing solution apps in the incident. The name of the app, however, has not been revealed.
Target, which initially suggested that hackers had accessed its Twitter account and carried out the scam, it later backtracked its statement and clarified that the attackers had never directly accessed its Twitter account. The company revealed that the cybercriminals had managed to carry out the scam and post the messages by leveraging a third-party marketing app, which was authorized to post content on Target’s behalf.
In a detailed report on the incident, The Next Web elaborates, “The confirmation the hackings originated from a third-party app explains how the attackers managed to run the Bitcoin giveaway scam at such a large scale – and in such an organized manner.”
The Next Web also quotes from an email statement from a Target spokesperson, who says, “After a thorough investigation with Twitter and our cyber security team, we’ve confirmed that an attacker accessed one of our marketing vendor’s Twitter handles yesterday. This gave the attacker the ability to post an ad on Target’s behalf, and the vendor has since implemented a number of security measures to re-secure their account.”
Target too hasn’t revealed the name of the third-party app.
Kevin Jones753 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.