Target announced that its Twitter account was hacked for about half an hour this morning. During that time, the attackers used their unauthorized access to the account to promote a Bitcoin scam.
The Target hack and subsequent Bitcoin scam make up one of the largest frauds of this type we’ve seen on Twitter, because the attackers used Target’s official Twitter account, which has 2 million followers, rather than a look-alike.
The unauthorized tweet encouraged Target’s followers to send a small sum of Bitcoin for a chance to win 5,000 Bitcoin, or over $30 million. Target seemed to have noticed the breach in time, so not too many people were defrauded of their money. It’s not yet clear how the attackers obtained Target’s Twitter account credentials. The company hasn't made an official statement about the incident.
Usually this type of breach happens because people tend to re-use passwords that have been exposed in data breaches at other firms. Additionally, even if account owners use SMS two-factor authentication, many attackers now know how to bypass it by impersonating the owner of the phone number to wireless carrier employees. They then have the phone number switched to their own phone in order to receive the SMS authentication code.
Twitter Cryptocurrency Scams Still Going Strong
Over the past couple of years, cryptocurrency scams promoted via Twitter have drastically increased in number. This is likely because people generally love free money, so they join these cryptocurrency “giveaways,” which they sign up for by first sending money to the fraudsters. Of course, the fraudsters have no intention of giving people the money they promised in the giveaway and instead run away with the cash received. They often make as much as hundreds of thousands of dollars in only a few hours, so it’s no surprise that this sort of scam is all over Twitter.
This works best when scammers promote the cryptocurrency hoax within the Twitter threads of someone who is popular, has many followers and is trustworthy. Then they use a similar account name to make people think that it’s actually the celebrity in question giving away the cryptocurrency money. For instance, we recently saw an “Elon Musk” (not Tesla's Elon Musk) giving away some cryptocurrency too.
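A defender monitoring a brand's reply threads can flag the look-alike accounts described above. The following Python sketch is an added example, not code from the article or from Twitter. The handles, the reply tuples, the small confusables map and the 0.85 threshold are all constructed assumptions.

```python
import difflib
import unicodedata

# Constructed, deliberately small confusables map (assumption); production
# code would use the full Unicode confusables data instead.
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s",
    "\u043e": "o", "\u0435": "e", "\u0430": "a",  # Cyrillic o, e, a
    "\u0456": "i", "\u0455": "s",                 # Cyrillic i, s
})

def skeleton(name):
    """Fold a display name or handle into a key for comparison."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    folded = folded.translate(CONFUSABLES)
    return "".join(ch for ch in folded if ch.isalnum())

def similarity(a, b):
    """Similarity ratio (0.0 to 1.0) between two folded names."""
    return difflib.SequenceMatcher(None, skeleton(a), skeleton(b)).ratio()

def flag_lookalikes(replies, protected, threshold=0.85):
    """Return (handle, imitated_handle, score) for each reply whose display
    name or handle resembles a protected account but is posted from a
    different handle."""
    flagged = []
    for handle, display_name, _text in replies:
        for real_handle, real_name in protected.items():
            if handle.casefold() == real_handle.casefold():
                continue  # the genuine account itself
            score = max(similarity(display_name, real_name),
                        similarity(handle, real_handle))
            if score >= threshold:
                flagged.append((handle, real_handle, round(score, 2)))
    return flagged

# Constructed sample data: protected handle -> display name, then replies
# as (handle, display name, text).
PROTECTED = {"elonmusk": "Elon Musk", "Target": "Target"}
SAMPLE_REPLIES = [
    ("elonmusk", "Elon Musk", "Launch update"),
    ("e1onmusk_giveaway", "Elon Musk", "Send 0.1 BTC to enter"),
    ("T4rget_promo", "T\u0430rget", "Giveaway for our followers"),
    ("alice_dev", "Alice", "Is this real?"),
]

if __name__ == "__main__":
    for hit in flag_lookalikes(SAMPLE_REPLIES, PROTECTED):
        print(hit)
```

Name similarity alone says nothing about a compromised official account such as Target's, where the handle is genuine; that case needs content checks on the tweet itself.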