A series of high-profile Twitter accounts were hacked in quick succession Wednesday evening, including those of former President Barack Obama and former Vice President Joe Biden, the leading candidate for the Democratic presidential nomination.
Additionally, the accounts of rapper Kanye West and billionaires Mike Bloomberg, Elon Musk, Warren Buffett and Jeff Bezos were also compromised, along with the corporate accounts for Apple, Uber and Cash App.
“I am giving back to the community,” the message posted on Biden’s account said. “All Bitcoin sent to the address below will be sent back doubled! If you sent $1,000, I will send back $2,000. Only doing this for 30 minutes.”
A variation of this message, with a Bitcoin wallet address, was posted on each affected account after 5 p.m. Wednesday.
“Twitter locked down the account immediately following the breach and removed the related tweet. We remain in touch with Twitter on the matter,” a spokesperson for Biden’s campaign said in a statement.
A spokesperson for Twitter said the company was aware of the issue but did not immediately have a statement. Twitter tweeted from its corporate account that it was investigating and “taking steps to fix it.”
Around 6 p.m. on Wednesday, many verified Twitter accounts were prohibited from tweeting, perhaps an attempt to clamp down on the high-profile ones affected by the hack. Twitter did not immediately respond to a request for comment about what happened.
Those verified accounts were able to still retweet and like posts.
Twitter’s support account, also a verified account, managed to post that users “may be unable to tweet or reset your password” while they are working on the incident.
A spokesperson for Obama declined to comment on the breach.
Around 10:30 p.m., Twitter appeared to have gotten the situation under control, and verified users regained full access to their accounts. Twitter said at the time that the investigation was “ongoing” and put out the following statement:
We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.
We know they used this access to take control of many highly visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.
Once we became aware of the incident, we immediately locked down the affected accounts and removed Tweets posted by the attackers.
We also limited functionality for a much larger group of accounts, like all verified accounts (even those with no evidence of being compromised), while we continue to fully investigate this.
This was disruptive, but it was an important step to reduce risk. Most functionality has been restored but we may take further actions and will update you if we do.
We have locked accounts that were compromised and will restore access to the original account owner only when we are certain we can do so securely.
Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues.
Vice reported Wednesday evening that the hackers worked with, and possibly paid, a Twitter employee to aid with the breach, according to interviews with anonymous sources who claimed to be the hackers and screenshots they provided.
This post will be updated.