Twitter said that so far they believe a "coordinated social engineering attack" was performed by "successfully targeting some of our employees with access to internal systems and tools."
According to Vice, a source involved in the takeover said a "Twitter insider" did "all the work for us," and another source said they paid the Twitter insider, which gave them access to the internal tools that control accounts. Twitter temporarily shut down services for "verified" accounts on the platform, which are often high-profile and therefore represent a spam risk. The attack resulted in takeovers of several high-profile accounts, including those of Bill Gates, Democratic candidate Joe Biden, and Tesla CEO Elon Musk.
Karim Hijazi, CEO of Prevailion, a cybersecurity firm that monitors hacks, told Yahoo Finance that the takeover has serious implications that should concern many in the cyber and intelligence communities.
The financial damage was limited: the scam on Wednesday resulted in at least 12.5 bitcoin being sent to the wallet address shared in the spam tweets, which comes out to about $114,500 at the current bitcoin price. But it could have been worse.
"The amount of damage they could have done could have been dramatic," said Hijazi. "I think the greater scenario is what else could they have conceivably done? They could have put out a huge disinformation campaign about organizations, companies, public sector organizations that could have taken a huge tumble. A lot of folks relied on Twitter as a means of understanding where things are at any given moment."
Alex Hamerstone, practice lead at cybersecurity firm TrustedSec, echoed Hijazi. "This could have been much worse in many ways," he told Yahoo Finance.
One theory held by Hijazi and others is that this was only the beginning of something, possibly related to the upcoming election.
"One of the theories here is that this was a test, not an attack," he said.
The hackers' coordination with a Twitter employee or insider suggests an especially sinister angle: a threat that goes beyond typical methods such as spear phishing (tailored emails designed to convince someone to give up their credentials) and the exploitation of software weaknesses.
Though some have speculated that the attacker was not a state actor, given the low level of damage, no details about who perpetrated the attack have been reported.