Bill Gates, Elon Musk, Warren Buffett, Joe Biden, Barack Obama, and many others have had their Twitter accounts hacked by an unknown hacker or hackers. Each of these accounts tweeted a scam offer, inviting their followers to send $1,000 in bitcoin, and immediately receive $2,000 in bitcoin in return. At least 300 people fell for the scam and sent the hackers a total of at least $100,000. The incident points to graver dangers in today's social-media-driven world--dangers that every business leader should carefully consider.
Around 4 p.m. Eastern on Wednesday, @elonmusk's 36.9 million Twitter followers received this message: "I'm feeling generous because of Covid-19. I'll double any BTC payment sent to my BTC address for the next hour. Good luck, and stay safe out there!" Around the same time, similar tweets went out from the Twitter accounts of Bill Gates, Warren Buffett, Barack Obama, Joe Biden, Kanye West, and on and on, a seemingly endless list of luminaries, all eager to give away $2,000 to anyone who sent them $1,000, within a 30- or 60-minute timeframe. Jeff Bezos's Twitter account made the same offer, but in his case, the deal would end when he reached $50,000 rather than at a specific time. Each of these tweets ended with a bitcoin wallet address where those who wanted their money doubled should send their bitcoin.
According to The Verge, Twitter did not publicly respond to the hacks for an hour, then tweeted a quick acknowledgement of the situation.
Some time after that, the company took the unprecedented step of locking down all verified accounts on the site. Verified accounts, identified by a blue and white checkmark, tell Twitter users that the account's owner really is who it appears to be and are usually reserved for public figures. They allow users to confirm that the tweets from @elonmusk really did come from Musk's account, and not from an account pretending to be Musk, which is easy to do on Twitter. Although Twitter mostly stopped granting verified accounts a few years ago, many prominent people have them.
Temporarily disabling those accounts from posting seems like a logical step, given that the hack targeted prominent people. And indeed, it appeared to work. The Verge reported that hackers still seemed to control @elonmusk as of about 6 p.m., but when verified accounts were shut down around half an hour later, that appeared to end the attack. Less than two hours after that, Twitter Support tweeted that most accounts could post again.
According to the New York Times, at least 300 people fell for the bogus offer and sent a total of more than $100,000 to the hacker or hackers. Since bitcoin is not governed by the U.S. financial system (or any other national financial system), it's highly unlikely that those people will ever get their money back.
It could have been much worse.
Even so, this astoundingly huge hack was quite innocuous, compared to what could have happened. Imagine if a hacker using Elon Musk's account had announced that aliens from Mars were about to land in Los Angeles and that everyone should flee the city. Or if someone hacked into President Donald Trump's Twitter account to declare a state of emergency.
The immediacy of Twitter, and the fact that so many people use it to speak directly to the public, has made it an indispensable tool for many political and business leaders. But Twitter's simple structure and the ease of posting to the platform may also make it vulnerable to attack. While this is the most widespread Twitter hack with the biggest consequences, it's far from the first one. Notably, Twitter CEO Jack Dorsey was hacked last year, when a group called the Chuckle Squad exploited a security hole.
What's a smart leader to do? Simply staying off Twitter is no solution because that just leaves a vacuum some miscreant can fill in with a fake account in your name or your company's name. On the other hand, if you use Twitter, you risk having unwanted messages go out from your handle. And while having a large number of Twitter followers benefits you in many ways, it also means that if you are hacked and a nefarious message goes out, that message can travel far and wide.
Perhaps the best strategy is to keep on tweeting but make sure your account is monitored closely, so that if something like this does happen to you, you can take action right away. And make sure to keep the Web page for Twitter Support handy, as well as the handle @TwitterSupport. You never know when you might need them.