twitter Archives - CISO MAG | Cyber Security Magazine
Beyond Cyber Security
Tue, 01 Feb 2022 12:01:40 +0000

Twitter’s Latest Feature “Tip Jar” Draws Privacy Concerns
https://staging-cisomagcom.kinsta.cloud/twitter-tip-jar-privacy-issue/
Wed, 12 May 2021 12:11:14 +0000

On May 6, Twitter added a new feature, the Tip Jar. The intent behind this innovation, as Twitter says, “is to support voices of creators, journalists, experts, and nonprofits.” However, within hours of the launch, security experts raised concerns over the privacy of people sending the tips, which according to Twitter’s policies seemed like a violation.

What is Twitter’s Tip Jar?

Tip Jar allows the Twitterati to generate an additional income source directly via the social media platform. It is a new way of sending and receiving tips so that people can support each other not only in terms of Follows, Retweets, and Likes but even monetarily.

How to enable Twitter’s Tip Jar?

Setting up the Tip Jar feature is just a matter of a few clicks. Follow these simple steps:

  • Go to Edit Profile.
  • Switch on the “Tip Jar” setting.
  • Toggle and activate Allow Tips. This displays a list of all payment services and platforms available for setting up your tip-receiving account.
  • Select one or multiple services and add a $Cashtag.
  • Once done, the Tip Jar account for your profile is set up, and a small button appears on the profile next to the “Follow” button.

How to send a tip using Tip Jar?

Users can send or donate a tip using Tip Jar as follows:

  • Click on the Tip Jar.
  • Select the payment service you want to send money from (e.g. Bandcamp, Cash App, Patreon, PayPal, or Venmo; additionally, on Android, tips can also be sent using Spaces).
  • Once selected, a Tip Jar prompt appears indicating that the tipper will be redirected to a third-party service outside the platform. Click Continue.
  • Go to the platform and complete your payment.

Twitter’s Tip Jar Privacy Issue

Though Twitter seems to have nailed this function, some privacy advocates stated that it was exposing the tipper’s identity under certain scenarios.

Problem 1: Security researcher Rachel Tobac found that when she sent someone money via PayPal, her home address was revealed to the receiver.

Problem 2: Former Federal Trade Commission chief technologist, Ashkan Soltani, also dug deeper and found that using PayPal for the Tip Jar not just revealed users’ addresses but even their email addresses, although no transaction took place.

Following these discoveries, Twitter quickly looked into the problem and found that the privacy issue was not on its side but on the third party’s, i.e. PayPal’s. Since it could not change PayPal’s functionality, Twitter decided to update its own notification process instead. Twitter’s support handle backed this by tweeting,

“We’re updating our tipping prompt and Help Center to make it clearer that other apps may share info between people sending/receiving tips, per their terms.”

The Real Problem

On the other hand, PayPal’s terms and conditions already specify under which scenarios the receiver gets the sender’s address in the receipt. When people receive payments through the platform, they need to select either a “goods and services” or a “friends and family” payment. In the case of the former, the sender’s address is shared; in the latter, it is not.

At this point, these Tip Jar privacy issues are still limited to a smaller subset of Twitter’s worldwide users because it has only been made available to “Twitter in English.” Thus, expect Twitter to work overtime before its wider roll-out.

Related News:

How to Report and Regain Access to Your Hacked Twitter Account

Cybercriminals Make Twitter a Playing Field to Target Indonesian Banks
https://staging-cisomagcom.kinsta.cloud/indonesian-banks-attacked-in-cybercriminal-campaign/
Thu, 01 Apr 2021 14:26:17 +0000

Cybercriminals have been putting an added strain on the financial sector for the past few years. A report in November 2020 showed that 65% of financial services firms suffered a cyberattack last year, although the majority of these cyberattacks originated from phishing or ransomware. The new year, however, seems to have brought a new attack methodology to the cybercrime world. A cyber intelligence report from Group-IB, a global threat hunting company, has found traces of an ongoing Twitter-based fraudulent campaign targeting Indonesia’s largest banks.

The Massive Cybercriminal Campaign

To lure victims and gain their trust, cybercriminals pose as bank representatives or customer support team members on Twitter and lay the booby trap. This massive campaign, which began in January 2021, had already ballooned 2.5-fold, from 600 in January to a total of 1,600 fake Twitter accounts impersonating banks, by early March.

Digging deep, the security analysts found evidence of at least seven large Indonesian financial institutions that have been targeted under this campaign. The scam affects over two million Indonesian bank customers who are active on the legitimate bank handles on Twitter. Upon discovery of this fraud, Group-IB has informed the banks impacted so that they take the necessary steps to remedy the situation.

The Modus Operandi

[Image: Indonesian Banks. Image Credit: Group-IB]

Cybercriminals zero in on their victims after a bank customer asks a question or leaves feedback on the bank’s official Twitter page. The customer is then promptly contacted by fraudsters using fake Twitter accounts whose profile photo, name, header, and description are identical to those of the real account. After engaging the victim in conversation, the attackers soon invite them to take it off-platform to a third-party messenger – WhatsApp or Telegram. The fraudsters then send the bank customer a link, asking them to log in there to file a complaint and resolve their problem. The link redirects to a phishing website identical to the official one. Once the victim enters their online banking credentials, including username, email, and password, the cybercriminals exfiltrate this data.

[Image: Twitter chats of fraudsters targeting Indonesian banks – scammers contacting a potential victim from a fake Twitter account. Image Credit: Group-IB]

Group-IB DRP analysts have recorded similar attempts to run the fraudulent scheme on other social media channels, such as Facebook; however, the number of such cases is insignificant compared to Twitter.

Ilia Rozhnov, Group-IB head of Digital Risk Protection in APAC, said, “The case with the Indonesian banks shows that scammers have managed to solve one of the major challenges of any attack — the issue of trapping victims into their scheme. Instead of trying to trick their potential victims into some third-party website, cybercriminals came to the honey hole themselves. This campaign is consistent with a continuous trend toward the use of multistage scams, which helps fraudsters lull their victims. They become successful due to the lack of comprehensive digital asset monitoring by financial institutions.”

How to Identify such Scams

Because the fraudulent scheme begins on the bank’s official Twitter account, it is challenging for a victim to identify. To avoid becoming a victim, carefully check the account you are being contacted from. The majority of known brands have verified accounts on social media. If the account does not have “verified” status, check the account’s ID and match it against the ID mentioned on the company’s official website. Also, look out for phishing links: spend a few extra seconds checking that the domain of the link you are about to click is identical to the domain of the official website. Fraudsters often register domain names mimicking official ones, changing one letter or adding a punctuation mark. As rightly suggested by Group-IB’s DRP team, “The critical examination of any website on which you plan to enter your data is a habit that must be developed by everyone willing to keep their money safe.”
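The domain check described above, written out as a defender-side link scanner. This is an added example, not Group-IB’s or CISO MAG’s code: it pulls links out of a message and flags hosts that reuse, misspell, re-punctuate or digit-swap a known official domain. The official domain list, the confusable-character table and the sample chat message are constructed placeholders, not real bank domains.

```python
import re
from urllib.parse import urlsplit

# Constructed allowlist of official domains (placeholders, not real banks).
OFFICIAL_DOMAINS = {"examplebank.co.id", "secondbank.id"}

# Constructed sample of the kind of message the article describes.
SAMPLE_CHAT = ("Hello, this is ExampleBank support. To resolve your complaint, "
               "please log in at https://examplebank.co.id.verify-help.com/complaint "
               "and confirm your details.")

URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Partial, hand-picked list of characters fraudsters swap for look-alikes.
CONFUSABLES = [("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"), ("rn", "m"), ("vv", "w")]


def host_of(url: str) -> str:
    """Lowercase host of a URL, without credentials, port or a leading 'www.'."""
    host = (urlsplit(url).hostname or "").lower()
    try:
        # Turn punycode (xn--) labels back into Unicode so they compare sensibly.
        host = host.encode("ascii").decode("idna")
    except (UnicodeError, ValueError):
        pass
    return host[4:] if host.startswith("www.") else host


def fold_confusables(s: str) -> str:
    """Map look-alike digits and letter pairs onto the letters they imitate."""
    for bad, good in CONFUSABLES:
        s = s.replace(bad, good)
    return s


def strip_punct(s: str) -> str:
    """Drop the punctuation a fraudster can insert into a name."""
    return s.replace("-", "").replace(".", "").replace("_", "")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url: str, official=OFFICIAL_DOMAINS) -> str:
    """Return 'official', 'lookalike' or 'unknown' for the host of a link."""
    host = host_of(url)
    # The real domain or a true subdomain of it (login.examplebank.co.id).
    if host in official or any(host.endswith("." + d) for d in official):
        return "official"
    folded = fold_confusables(host)
    for d in official:
        if d in host:                      # official name buried in a longer host
            return "lookalike"
        if folded == fold_confusables(d):  # digit/letter swaps such as examp1ebank
            return "lookalike"
        if strip_punct(folded) == strip_punct(d):  # an added hyphen or dot
            return "lookalike"
        if edit_distance(folded, d) <= 2:  # a changed or dropped letter or two
            return "lookalike"
    return "unknown"


def scan_message(text: str, official=OFFICIAL_DOMAINS):
    """Find every link in a message and classify its host."""
    return [(u, classify_link(u, official)) for u in URL_RE.findall(text)]


if __name__ == "__main__":
    for url, verdict in scan_message(SAMPLE_CHAT):
        print(f"{verdict:9} {url}")
```

The thresholds are deliberately loose (any host within two edits of an official name is flagged) because a false positive costs a second look, while a miss costs the customer's credentials.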

Related News:

Group-IB Finds Half a Million Credit Cards of Indian Banks on Darknet

The Pandemic-hit World Witnessed a 150% Growth of Ransomware

How to Report and Regain Access to Your Hacked Twitter Account
https://staging-cisomagcom.kinsta.cloud/how-to-report-and-regain-access-to-your-hacked-twitter-account/
Thu, 04 Feb 2021 08:07:47 +0000

Twitter was in the news last year when accounts of celebrities got hacked, and their accounts were taken over. Scammers targeted nearly 130 Twitter accounts of well-known personalities, including Jeff Bezos, Bill Gates, Elon Musk, Barack Obama, and corporate accounts of Apple, Uber, and many others. You could be next! How do you know if your Twitter account is hacked? What should you do if your account gets hacked? And how do you secure your Twitter account?  Read along to know the tell-tale signs of a hacked Twitter account and ways to recover it.

By Rudra Srinivas, Senior Feature Writer, CISO MAG

How to check if your Twitter account has been hacked

These are signs that your account has been compromised:

  • A change in your name, profile picture, or email address
  • New friends or friend requests from strangers with dubious handles
  • Unauthorized or inappropriate tweets you did not post
  • Following or unfollowing Twitter accounts
  • Your password is no longer working, and you are being prompted to reset it

How to recover a hacked Twitter account?

You must act immediately as soon as you become aware that your Twitter account is compromised. The longer a threat actor has access to your personal information, the greater the risk of a breach of critical information.

Step 1: Reset Your Password

If your account is compromised but you’re still able to log in, change your account password immediately.

To change your password, click on the More option on the homepage >> select Settings and Privacy >> finally click on Change Your Password.

Step 2: Account Recovery

If you are unable to access your account, you’ll have to recover it.

For the Twitter account recovery system, click on Forgot Password on the login page >> enter your email, phone number, or username and click Search >> select the account recovery method >> provide the required details and follow the instructions >> after verifying your account click Reset Password to complete the account recovery process.

Step 3: Report the Hack

If you’re still unable to regain access to your compromised account, report it directly to Twitter Support and select the Hacked Account option. The support page displays options to recover your compromised account.

Image Courtesy: Twitter Support

How to avoid getting hacked again?

  • Use strong passwords that are a mix of upper and lower case and numbers (e.g. LearnttoRIDEabikeat5)
  • Enable Twitter’s two-step authentication (use an Authentication app)
  • Cross-check the URL for spelling discrepancies before logging in
  • Avoid public Wi-Fi
  • Beware of third-party apps’ permissions
  • Avoid social logins

Conclusion

Social media accounts have growing importance because people share their personal experiences in virtual communities. With attackers leveraging innovative tactics to exploit loopholes on social media platforms, it is imperative for users to step up their social media security. Your social media handles will be secure only when you follow proper security measures.

The Twitter hack is an example of the fact that a human is the weakest link in cybersecurity. According to a Black Hat survey, “A single human mistake, can result in an attacker taking over all of the organization’s infrastructure, no matter what hardware, software, or endpoint security implementation has been done from the defensive team.”

Adhere to Twitter’s new security and privacy policy and observe your account’s activities closely to ensure there are no suspicious activities.

About the Author

 

Rudra Srinivas is a Feature Writer and part of the editorial team at CISO MAG. He writes news and feature stories on cybersecurity trends.

Social Media Giants’ Data Collection under FTC Scanner; Amazon, Facebook, and Seven others Summoned
https://staging-cisomagcom.kinsta.cloud/ftc-issues-order-to-nine-social-media-companies/
Wed, 16 Dec 2020 14:12:05 +0000

The Federal Trade Commission (FTC) of the U.S. has issued orders to nine social media and video streaming giants, asking them to provide data and clarity on how they collect, use, and present the personal information of their consumers. The agency wants to study how the companies in question advertise, conduct user engagement, and how these practices affect their users, especially children and teens, who are the most vulnerable. All companies have 45 days to respond to the order from the time they received it.

FTC’s Legal Route for the Study

Social media companies and other such platforms are apprehensive about sharing such information, which covers methodology, technology, and business model, because it could mean disclosing proprietary information, and a company could refuse to share it on that basis. Considering this, the FTC issued its orders to Facebook, WhatsApp, YouTube, Twitter, Amazon, Discord, ByteDance, Reddit, and Snap under Section 6(b) of the FTC Act, which authorizes the Commission to conduct wide-ranging studies that do not have a specific law enforcement purpose.

Issuing such an order under Section 6(b) requires a majority vote, which the Commission obtained by a count of 4-1. FTC Commissioner Noah Joshua Phillips voted against issuing the order and argued in his dissenting statement,

The breadth of the inquiry, the tangential relationship of its parts, and the dissimilarity of the recipients combine to render that these orders are unlikely to produce the kind of information the public needs, and certain to divert scarce Commission resources better directed elsewhere. Hence, I dissent.

The Ones Who Support

Commissioners Rohit Chopra, Rebecca Kelly Slaughter, and Christine S. Wilson have, however, supported the orders and said in their joint statement,

Digital products were launched with the simple goal of connecting people or fostering creativity. But the industry model has now shifted from supporting users’ activities to monetizing them. This transition has been fueled by the industry’s increasing intrusion into our private lives. Several social media and video streaming companies have been able to exploit their user-surveillance capabilities to achieve such significant financial gains.

What FTC Wants to Study

The joint statement from the Commissioners primarily gave one reason for this inquiry: to learn the full scale and scope of social media and video streaming companies’ data collection. However, the FTC also has the following agenda in mind:

  • What data social media and video streaming services collect, and how they use it to track, estimate, or derive personal and demographic information.
  • How these platforms determine the type of ads and other content displayed to consumers.
  • Whether any algorithms or data analytics are applied to users’ personal information.
  • The methods used to measure promotion and user engagement metrics.
  • How these practices affect users, especially children and teens.

The FTC explained that its primary objective is to promote healthy competition so that consumers can benefit from it. Its stated aim is to protect and educate consumers, and such studies serve that purpose.

In line with its primary objective of promoting healthy competition, the FTC sued Facebook for illegal monopolization on December 9, 2020. It alleged that the social media giant illegally maintained a monopoly in its business space “through the years-long course of anticompetitive conduct.”

Related News:

4 Times Data Regulators Slapped High Penalties in 2020

Insider Threats: A Byproduct of the New Normal
https://staging-cisomagcom.kinsta.cloud/insider-threats-a-byproduct-of-the-new-normal/
Wed, 16 Dec 2020 05:32:03 +0000

Despite the continuous security improvements, the concern over insider threats seems to be growing for organizations globally. The new distributed working conditions have also added fuel to existing fears. Even though most organizations stretched their security beyond their office perimeter due to remote workforce, the risk from intentional or unwitting insiders is still a primary security concern.

By Rudra Srinivas, Feature Writer, CISO MAG

According to “2020 Cost of Insider Threats: Global Report,” insider threats increased by 47% from 3,200 in 2018 to 4,716 in 2020. The cost of insider threat incidents also surged by 31% from $8.76 million in 2018 to $11.45 million in 2020. Negligent employees create around 62% of security incidents, costing global organizations an average of $307,111 per incident.

Apart from regular data breaches and COVID-19-themed cyberattacks, the year 2020 also witnessed several security incidents caused by an employee’s malicious intention, negligence, or unintentional actions, such as responding to a phishing email with sensitive information or downloading malicious attachments.

Here are four alarming incidents of 2020 that highlight insider risks:

1. General Electric

Two employees at General Electric (GE) illicitly obtained trade secrets and intellectual property from the company’s advanced computer models. The employees also stole GE’s marketing and pricing details and misused them for their own business advantage. After many years of FBI investigation, the insiders were convicted and ordered to pay $1.4 million in compensation to GE.

2. Twitter

In July 2020, cybercriminals obtained access to over 130 private and corporate Twitter accounts, 45 of which they misused to promote their Bitcoin scam. Attackers compromised the Twitter accounts of notable businesses and celebrities including Elon Musk, Bill Gates, Jeff Bezos, Apple, Uber, and other high-profile accounts. According to Twitter’s statement, attackers pilfered confidential account information by spear-phishing some of its employees. Adversaries targeted remote employees and gathered their login credentials by impersonating Twitter IT administrators. The scammers then used this information to break into administrator tools, compromised numerous accounts, changed their login credentials, and advertised their malicious schemes. The Twitter hack shines a spotlight on the dangers that insiders pose to organizations of all sizes.

3. Microsoft

A security blunder left an unsecured Microsoft database exposing 14 years of customer service and support data dating back to 2005, accessible to anyone with a web browser and with no authentication required. The exposure was discovered by security researcher Bob Diachenko, who uncovered a total of five Elastic servers containing 250 million records, including logs of communication between Microsoft’s support engineers and its customers.

According to Microsoft’s statement, on December 5, 2019, a change was made to the said databases’ network security group. It was later found that appropriate measures were not taken to verify the Azure security rules and this misconfiguration further led to the data exposure.

4. Marriott

Global hospitality group Marriott International suffered a massive data breach that exposed the personal information of around 5.2 million guests after cybercriminals exploited a third-party application that Marriott used to provide guest services. It’s believed that the exposed data has been accessed by an unknown third-party using the login credentials of two employees at a group hotel, which is operated and franchised under Marriott’s brand.

In an official release, the company stated that the breach began in mid-January 2020 and was discovered at the end of February 2020. The incident exposed contact details including names, addresses, birth dates, gender, email addresses, employer names, room stay preferences, and loyalty account numbers. Marriott notified the relevant authorities of the incident for further investigation and informed those affected by the breach. Marriott also set up a website to help the guests impacted by the incident.

The Consequences of Insider Attacks

Insider attacks can impact an organization in a variety of ways. From high penalties to brand image damage, they deal multiple blows to companies. Some of the consequences include:

  • Loss of Customers’ Trust
  • Financial Damage
  • Loss of Intellectual Properties
  • Huge impact on the company’s reputation
  • Heavy fines from data regulators

Preventive Measures

Though it seems like a tough task to predict or prevent insider threats, there are certain security measures and technologies that can help in identifying them. These include:

  • Providing continuous cybersecurity training to employees of all levels in the organization.
  • Making employees aware of all kinds of phishing attacks and malicious communications from third-party vendors.
  • Securing servers and databases with up-to-date industry specifications.
  • Introducing the Zero-Trust Security model.
  • Practicing robust authentication practices like 2FA and MFA wherever possible.
  • Having an actionable patch management policy.
  • Deploying access management and user activity monitoring solutions.

In Conclusion

The consequences of insider attacks are often devastating. Almost every company is vulnerable to insider-related security incidents. However, with a dedicated security team in place and advanced cybersecurity measures, it is possible to eliminate them. In the current scenario, relying on 2FA alone is not enough. Businesses need to start a board-level conversation about real-time behavioral analysis of end users. This way, potential malicious insiders can be traced, and they will know they are being tracked.

About the Author

 

Rudra Srinivas is a Feature Writer and part of the editorial team at CISO MAG. He writes news and feature stories on cybersecurity trends.

‘Mudge’ is Twitter’s New Head of Security
https://staging-cisomagcom.kinsta.cloud/mudge-twitters-head-of-security/
Tue, 17 Nov 2020 16:00:54 +0000

Celebrated hacker Peiter Zatko, AKA ‘Mudge’, will take over as the new Head of Security for Twitter. He will take office after a 45- to 60-day review of the platform’s current measures and practices. Reports indicate that Zatko will report directly to CEO Jack Dorsey. In an exclusive interview with Reuters, Zatko also said he will examine “information security, site integrity, physical security, platform integrity — which starts to touch on abuse and manipulation of the platform — and engineering.”

For the uninitiated, Peiter Zatko is one of the most high-profile hackers in the world. He was a member of L0pht, a hacker collective that testified before Congress on “Weak Computer Security in Government.” During his time with L0pht, Mudge highlighted several security vulnerabilities and campaigned for a safer cyberspace. He has been credited with releasing several cybersecurity advisories and is also the author of L0phtCrack, a password cracking tool.

He has also served in several leadership roles in agencies like DARPA and was also a part of Google’s Advanced Technology and Projects division.

“Looks like the cat is out of the bag. I’m very excited to be joining the executive team at Twitter! I truly believe in the mission of (equitably) serving the public conversation. I will do my best!” Zatko tweeted about his appointment.

This is Twitter’s second key cybersecurity appointment in the last couple of months, following the July 2020 mega hack. The platform came under severe criticism after the accounts of several global leaders and other verified high-profile users were breached. During the attack, the intruders gained access to internal admin tools and used them to post cryptocurrency scams from the high-profile accounts. Twitter locked the affected accounts and suspended their activity while it investigated the cause and extent of the breach, including whether any additional user information had been compromised and whether any backdoors had been planted for future account takeovers.

Toward the end of September, Twitter appointed cybersecurity veteran Rinki Sethi as its Chief Information Security Officer.


]]>
DFS Calls for Cybersecurity Protection of Social Media Platforms After Twitter Hack https://staging-cisomagcom.kinsta.cloud/dfs-calls-for-cybersecurity-protection-of-social-media-platforms-after-twitter-hack/ Fri, 16 Oct 2020 07:04:43 +0000 https://staging-cisomagcom.kinsta.cloud/?p=7361 The New York State Department of Financial Services (DFS) released a notification calling for a new cybersecurity regulatory framework for social media companies following an investigation on high-profile Twitter hacks in July 2020. The DFS stated that social media platforms lack adequate cybersecurity measures and did not have a CISO. The DFS, in its investigation […]

The post DFS Calls for Cybersecurity Protection of Social Media Platforms After Twitter Hack appeared first on CISO MAG | Cyber Security Magazine.

]]>
The New York State Department of Financial Services (DFS) has released a report calling for a new cybersecurity regulatory framework for social media companies, following its investigation into the high-profile Twitter hack of July 2020. The DFS found that Twitter lacked adequate cybersecurity measures and, at the time of the attack, had no CISO.

In its investigation report, the DFS said that Twitter and other popular social media networks have no dedicated federal or state regulator to address the security risks of their digital operating models. These companies are largely self-regulated and face no accountability for significant cybersecurity lapses. The DFS added that large social media firms, whose platforms reach millions of people globally, should be designated as critical institutions subject to cybersecurity regulation.

“The Department is issuing this report to alert consumers and voters as they prepare to exercise their basic rights in American democracy, in one of the most consequential elections in generations,” the DFS said.

The recommendations follow the report’s account of the facts surrounding the Twitter hack and the reasons it occurred, which include:

  • The hackers accessed Twitter’s systems with a simple technique: by calling Twitter employees and claiming to be from Twitter’s IT department.  After the hackers duped four employees into giving them their login credentials, they hijacked the Twitter accounts of politicians, celebrities, and entrepreneurs, including Barack Obama, Kim Kardashian West, Jeff Bezos, Elon Musk, and several cryptocurrency companies regulated by the Department – accounts with millions of followers.
  • The hackers tweeted simple “double your bitcoin” messages, with a link to send payments in bitcoins. In the end, they stole over $118,000 worth of bitcoins from consumers.
  • The Department’s regulated cryptocurrency companies, Coinbase, Square, Gemini Trust Company, and Bitstamp responded quickly to block attempted transfers to the Bitcoin addresses the fraudsters used.
  • Despite being a global social media platform boasting over 330 million average monthly users in 2019, Twitter lacked adequate cybersecurity protection.  At the time of the attack, Twitter did not have a chief information security officer, adequate access controls and identity management, and adequate security monitoring – some of the core measures required by the Department’s first-in-the-nation cybersecurity regulation.

“Social media platforms have quickly become the leading source of news and information, yet no regulator has adequate oversight of their cybersecurity. The fact that Twitter was vulnerable to an unsophisticated attack shows that self-regulation is not the answer. As we approach an election in fewer than 30 days, we must commit to greater regulatory oversight of large social media companies. The integrity of our elections and markets depends on it. The swift and effective response of DFS-regulated cryptocurrency companies illustrates how effective regulation can foster innovation and growth, while also protecting consumers,” said Superintendent of Financial Services Linda A. Lacewell.


]]>
Twitter Appoints Cybersecurity Veteran Rinki Sethi as CISO https://staging-cisomagcom.kinsta.cloud/rinki-sethi-ciso/ Thu, 01 Oct 2020 14:14:54 +0000 https://staging-cisomagcom.kinsta.cloud/?p=7189 After leaving the position of CISO vacant for months, Twitter has finally hired cybersecurity veteran Rinki Sethi to the role. Sethi will report to Nick Tornow, Platform Lead of Twitter. In her role, she will work closely with teams such as the Privacy & Data Protection and will address key initiatives to ensure the staff […]

The post Twitter Appoints Cybersecurity Veteran Rinki Sethi as CISO appeared first on CISO MAG | Cyber Security Magazine.

]]>
After leaving the position of CISO vacant for months, Twitter has hired cybersecurity veteran Rinki Sethi for the role. Sethi will report to Nick Tornow, Twitter’s Platform Lead. She will work closely with teams such as Privacy & Data Protection and will lead key initiatives to keep staff and the company’s board up to date on cybersecurity issues. She will also oversee Twitter’s cybersecurity and information security posture, including Enterprise Risk, Security Risk, Application Security, and Detection & Response.

Sethi has held security leadership roles at some of the largest technology companies in the world. Before Twitter, she was Vice President and CISO of the cloud data management company Rubrik. Before that, she was Vice President for Information Security at IBM. She has also been Vice President for Information Security at cybersecurity firm Palo Alto Networks and Director & Head of Product Security at Intuit. In a career of more than two decades in information security, Sethi has also held leadership roles at eBay, Walmart, and PG&E.

“Today, I’m thrilled to welcome @rinkisethi as the new CISO of @twitter. An inspiring and experienced leader, Rinki comes to us via Rubrik, IBM, and Palo Alto Networks. At Twitter, she will lead our growing InfoSec team, protecting our customers and our company to earn trust,” Nick Tornow tweeted.

The CISO position had been vacant for almost a year, since Mike Convertino stepped down in December 2019. In the meantime, the platform came under severe criticism after the accounts of several global leaders and other verified high-profile users were breached in July. During the attack, the intruders gained access to internal admin tools and used them to post cryptocurrency scams from the high-profile accounts.

Following the attack, Twitter locked the affected accounts and suspended their activity while it investigated the cause and extent of the breach, including whether any additional user information had been compromised and whether any backdoors had been planted for future account takeovers.

Among the affected verified account holders were Jeff Bezos (Amazon CEO), Bill Gates (Microsoft co-founder), Elon Musk (Tesla and SpaceX CEO), Warren Buffett (Berkshire Hathaway CEO), Barack Obama (former U.S. President), Michael Bloomberg (former New York Mayor), Joe Biden (Democratic nominee for President), Benjamin Netanyahu (Israeli Prime Minister), Kanye West (rapper) and his wife Kim Kardashian (TV celebrity), Wiz Khalifa (rapper), Apple (corporate account), Uber (corporate account), and many more.

But the attacks did not stop there. Last month, a Twitter account associated with Indian Prime Minister Narendra Modi was also hacked: crypto scammers took over the verified account of the PM’s official website and sent out a series of tweets asking followers to donate to the PM National Relief Fund in cryptocurrency.


]]>
Twitter Pledges a “Safe and Secure 2020 U.S. Election” https://staging-cisomagcom.kinsta.cloud/twitter-introduces-measures-for-2020-us-election/ Fri, 18 Sep 2020 13:29:46 +0000 https://staging-cisomagcom.kinsta.cloud/?p=7043 The 2020 U.S. election is just a couple of months away and opportune threat actors are bound to make attempts of attacking the accounts of high-profile personalities for malicious gains. To avoid this nuisance, Twitter has come forward and announced improved account security measures for the 2020 U.S. election.  Key Highlights  The improved security measures […]

The post Twitter Pledges a “Safe and Secure 2020 U.S. Election” appeared first on CISO MAG | Cyber Security Magazine.

]]>
The 2020 U.S. election is just a couple of months away, and opportunistic threat actors are bound to attack the accounts of high-profile figures for malicious gain. To get ahead of this, Twitter has announced improved account security measures for the 2020 U.S. election.

Key Highlights

  • The improved security measures apply to: the U.S. Executive Branch and Congress; governors and secretaries of state; the official handles of presidential candidates, political parties, and presidential campaigns; and all major U.S. news outlets and journalists.
  • Accounts in this group that use “weak” passwords will be required to change them.
  • Twitter additionally advised these accounts to enable its two-factor authentication feature.

Twitter’s Security for 2020 U.S. Election

Twitter recognizes that a large number of voters, politicians, election officials, and journalists depend on the platform for reliable news and information about the election. It has therefore decided to proactively tighten account security and protect the integrity of the information shared on the platform.

Twitter also acknowledges the lessons of the recent security incident in which three young men compromised several high-profile accounts, including that of the Democratic nominee for President, Joe Biden. To further strengthen the security of these high-profile accounts ahead of the 2020 U.S. election, Twitter is taking the following measures:

  • Accounts with “weak” passwords will be required to set a stronger password at their next login (beginning September 17).
  • “Password reset protection” will be enabled by default for all accounts in scope, so that a password reset request must first confirm the email address or phone number registered to the account.
  • These accounts will be encouraged to enable two-factor authentication as an additional layer of protection against unauthorized access.

Twitter will inform the affected accounts of these changes via an in-app notification.
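The measures above can be read as one login-time policy: reject weak passwords at the next sign-in, and make a password reset request prove knowledge of a contact already registered to the account before a reset is honoured. The Python below is an added illustration written for this article, not Twitter’s code; the account records, the password denylist, the leet-speak substitutions and the 12-character minimum are assumptions chosen for the example. Two-factor authentication is left out because it is a separate enrolment flow rather than a check that runs at login.

```python
import hmac
import re

# Constructed denylist for this example. A real deployment would check against a
# large compromised-password corpus instead (NIST SP 800-63B recommends such a
# check over composition rules like "must contain a symbol").
COMMON_PASSWORDS = {
    "password", "passw0rd", "123456", "12345678", "qwerty", "letmein",
    "welcome", "iloveyou", "admin", "football", "twitter", "election",
}

# Leet-speak substitutions undone before the denylist lookup, so that
# "P@ssw0rd2020" is recognised as "password" (assumed mapping for the example).
LEET = str.maketrans("@$0!3", "asoie")


def password_weaknesses(password: str, handle: str) -> list[str]:
    """Return the policy failures for a password; an empty list means it passes.

    Hypothetical policy: at least 12 characters, not a common password (after
    undoing leet-speak and trailing digits), not containing the account's own
    handle, and not built from a handful of repeated characters.
    """
    reasons = []
    if len(password) < 12:
        reasons.append("shorter than 12 characters")
    normalized = re.sub(r"\d+$", "", password.lower()).translate(LEET)
    if normalized in COMMON_PASSWORDS or password.lower() in COMMON_PASSWORDS:
        reasons.append("matches a common password")
    if handle and handle.lower().lstrip("@") in password.lower():
        reasons.append("contains the account handle")
    if len(set(password)) < 5:
        reasons.append("too few distinct characters")
    return reasons


def login_decision(handle: str, password: str) -> str:
    """At login, a weak password forces a rotation before the session continues."""
    return "rotate_required" if password_weaknesses(password, handle) else "ok"


def reset_request_allowed(account: dict, supplied_contact: str) -> bool:
    """Password reset protection: when the account has it enabled, a reset
    request is honoured only if the requester supplies an email address or
    phone number already registered to the account. The comparison uses
    hmac.compare_digest so timing does not reveal how close a guess was."""
    if not account.get("reset_protection", False):
        return True
    supplied = supplied_contact.strip().lower()
    return any(
        hmac.compare_digest(supplied.encode(), contact.lower().encode())
        for contact in account["contacts"]
    )


if __name__ == "__main__":
    # Constructed sample account, not real Twitter data.
    campaign = {"handle": "@campaign2020", "reset_protection": True,
                "contacts": ["press@example.org", "+15555550100"]}
    for pw in ("P@ssw0rd2020", "campaign2020!!!", "correct-horse-battery-staple"):
        print(pw, "->", login_decision(campaign["handle"], pw),
              password_weaknesses(pw, campaign["handle"]))
    print(reset_request_allowed(campaign, "Press@Example.org "))   # registered contact
    print(reset_request_allowed(campaign, "attacker@example.net"))  # refused
```

The normalisation step is what makes the denylist worth having: without it, "P@ssw0rd2020" passes a naive lookup and a 12-character minimum alone. The reset check returns True for unprotected accounts only to mirror the opt-in nature of the setting; the point of enabling it by default for election-related accounts is that the attacker who knows only the handle can no longer trigger a reset.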

Twitter’s Internal Measures

Twitter added that it has strengthened not only user-facing account security but also its proactive internal safeguards. The additional measures include:

  • More sophisticated detections and alerts for Twitter’s internal teams and for account holders, enabling rapid response to suspicious activity.
  • Increased login security to defend against hostile account takeover attempts.
  • Expedited account recovery, among other measures.

Facebook is also Closing the Gaps

Late last year, Facebook said it was tightening security for the 2020 U.S. elections after detecting signs of Russian interference. The company said it was taking down accounts involved in illicit activity and stepping up its scrutiny of state-controlled media outlets attempting to manipulate American voters.

Facebook also pledged to use a range of security measures, including artificial intelligence (AI), to stop such actors and other online intruders from using misleading tactics and false information to interfere in the 2020 U.S. elections.


]]>
Twitter Account of Indian PM Narendra Modi’s Official Website Hacked https://staging-cisomagcom.kinsta.cloud/narendra-modi-official-website-twitter-account-hacked/ Thu, 03 Sep 2020 09:30:18 +0000 https://staging-cisomagcom.kinsta.cloud/?p=6874 Since the onset of the pandemic, crypto scammers have heightened their operations around the globe by targeting famed Twitter accounts for monetary gains. This time the Indian Prime Minister Narendra Modi is on the radar. Crypto scammers successfully hacked the verified Twitter account of the Indian PM’s official website and sent out a series of […]

The post Twitter Account of Indian PM Narendra Modi’s Official Website Hacked appeared first on CISO MAG | Cyber Security Magazine.

]]>
Since the onset of the pandemic, crypto scammers have stepped up their operations around the globe, hijacking well-known Twitter accounts for monetary gain. This time the target was Indian Prime Minister Narendra Modi: crypto scammers hacked the verified Twitter account of the PM’s official website and sent out a series of tweets asking followers to donate to the PM National Relief Fund in cryptocurrency.

PM Modi Twitter Account Hacked (Source: Twitter)

Key Highlights

  • The Twitter account of Indian Prime Minister Narendra Modi’s official website (@narendramodi_in) was hacked by crypto scammers calling themselves “John Wick”.
  • The account has over 2.5 million followers and has posted more than 37,000 tweets since its creation in May 2011.
  • In a series of posts, the scammers asked followers to donate to the PM National Relief Fund in cryptocurrency.
  • The tweets carried two cryptocurrency addresses, one Bitcoin and one Ethereum, for collecting the “donations”.
  • Twitter confirmed the compromise and promptly restored control of the account to its administrator.
  • Reportedly, the website itself was also subsequently hacked but was later restored by its operators.

In a public statement, Twitter said that it was aware of the activity and had taken steps to secure the compromised account. It added that it was investigating further to identify any other impact or compromise.

Twitter has since removed the fake tweets and returned control of the account to its administrator. The impact of the incident appears to be negligible: at the time of writing, only one transaction (worth about $0.78) to the Bitcoin address in the tweets had been recorded on the public Bitcoin ledger.

PM Modi Twitter Account Hacked (Source: Public Ledger of Bitcoin)

Not the First Time

Earlier, in July 2020, Bitcoin scammers carried out a high-profile hack that compromised around 130 Twitter accounts, including the verified accounts of Jeff Bezos, Bill Gates, Elon Musk, Barack Obama, and Joe Biden and the corporate accounts of Apple, Uber, and many more. The incident has since been called “The Greatest Twitter Hack” because so many verified accounts were hijacked simultaneously to run a single scam. Graham Ivan Clark, a 17-year-old from Tampa, Florida, was later arrested and charged with 30 felony counts for perpetrating the hack. He and two accomplices earned more than $118,000 from the scam.


]]>