Last week’s bitcoin “giveaway” scams on Twitter, which saw one of Google’s social media accounts compromised, were the result of a hacked third-party provider and not of the social media platform’s own systems, Twitter has claimed. In email correspondence with Hard Fork, the tech company firmly established that a loophole in an unnamed third-party app was exploited by the hackers to share their scammy tweets.
Twitter’s confirmation comes less than a week after the accounts of some high-profile brands were hacked on the platform, most notably Google and retail giant Target, in a bold move to promote scammy bitcoin giveaways. In their usual way, the scammers asked non-savvy Twitter users to send small amounts of cryptocurrency for a chance to win big, as much as 10,000 BTC.
Target posted an update after the scammy tweets from the hackers were taken down, stating that its “Twitter account was inappropriately accessed” before backpedaling to Hard Fork, explaining that the hackers took advantage of a loophole in a third-party marketing app used to publish content on behalf of the retailer on Twitter.
The use of a third-party app explains how the thieves were able to get hold of so many verified Twitter accounts to publish the same giveaways. At about the same time Target’s account got hacked, The Body Shop, Toledo Rockets, Universal Music Czech Republic, and even the UNHCR Serbia account were compromised.
This was not the first time a high-profile Twitter account had been compromised for the promotion of crypto giveaways. Tesla CEO Elon Musk was long the target of choice for Twitter bitcoin scammers. Once they took control of a verified account, the hackers would replace the profile picture and name of the brand with those of Elon Musk. Both Pathe UK and Cap Gemini Australia had their accounts hacked and replaced with a hastily-assembled profile mimicking Musk’s real one.
Twitter has drawn a lot of criticism in the past few months over its ad vetting process, as many commentators believe the social media network should be able to put a stop to the scams. Cornell professor Emin Gun Sirer lashed out at Twitter in March, asking them how they intend to improve the platform when they can’t even “detect this kind of brazen scam?”
Twitter’s CEO Jack Dorsey had replied with a reassuring sentence, stating: “We are on it.” Eight months later, the Twitter scams are stronger than ever.