Target's Twitter account was hacked for about half an hour this morning. During that time, the attackers used their unauthorized access to the account to promote a Bitcoin scam.
In a tweet sent at 11:38 a.m. ET today, Target said, "Early this morning, our Twitter account was inappropriately accessed. The access lasted for approx. half an hour & one fake tweet was posted during that time about a bitcoin scam. We have regained control of the account, are in close contact with Twitter & are investigating now."
According to The Next Web, the since-deleted scam tweet read: "We giving 5 000 Bitcoin (BTC) to all community! We present cryptocurrency payments for your purchases in our store, and want to celebrate this event with all users! We organize the biggest crypto-giveaway in the world!" before providing a link to click to participate.
The Target hack and the subsequent Bitcoin scam is one of the largest frauds of this type we’ve seen on Twitter, because it used Target’s official Twitter account, which has 2 million followers, rather than a look-alike.
It’s not yet clear how the attackers obtained Target’s Twitter account credentials. Usually this type of breach happens because people tend to re-use passwords that have been exposed in data breaches at other firms. Additionally, even if the account used SMS two-factor authentication, many attackers now know how to bypass it by impersonating the owner of the phone number to wireless carrier employees. They then have the phone number switched to their own phones in order to receive the SMS authorization code.
Twitter Cryptocurrency Scams Still Going Strong
Over the past couple of years, cryptocurrency scams promoted via Twitter have drastically increased in number. The likely reason is that people generally love free money, so they join these cryptocurrency “giveaways,” for which they sign up by first sending money to the fraudsters. Of course, the fraudsters have no intention of giving people the money promised in the giveaway and instead run away with the cash they receive. They often make as much as hundreds of thousands of dollars in only a few hours, so it’s no surprise that this sort of scam is all over Twitter.
This works best when scammers promote the cryptocurrency hoax within the Twitter threads of someone who is popular, has many followers and is trustworthy. Then they use a similar account name to make people think that it’s actually the celebrity in question giving away the cryptocurrency money. For instance, we recently saw an “Elon Musk” (not Tesla's Elon Musk) giving away some cryptocurrency too.