As was reported last week, Google’s G Suite Twitter account had their security breached and sent out a tweet to give away bitcoins spread across the social media platform. Twitter has responded that it was the result of a hacked third-party provider and not the social media platform’s system.
G Suite’s verified account tweeted, assumedly due to the third-party hack:
“Google is giving 10,000 Bitcoin (BTC) to all community!
We decided to make the biggest crypto-giveaway in the world!
Now you can make payments in Gsuite using cryptocurrency!”
In order to participate in the giveaway, a verification address check needed to be completed. In order to complete the check, users just needed to transfer 0.1 to 2 BTC to a payment address in order to receive 1 to 20 BTC back.
According to media site, Hard Fork, a Twitter spokesperson sent an email which confirmed that the hackers exploited a third-party marketing solution to spam the scam Bitcoin giveaway from a variety of verified accounts from major companies. While the email did expound that their system was not at fault, it has refrained from naming the app in question.
The most notable targets from the recent Bitcoin Giveaway scheme, were tech giant Google and retail giant Target. In Google’s case, the scam eventually made its way onto nearly 1 million page followers through an advertisement, however within 10 minutes of the hack, the account was back in the rightful owners control. Target also released an update after their account was reclaimed, calming stating its “Twitter account was inappropriately accessed”.
The use of a third-party marketing app to penetrate security does clarify how a multitude of verified accounts published the same scam. However, this is not the first time that public personalities and companies have had their accounts compromised. Back in March 2018, Cornell professor Emin Gun Sirer, questioned how the social media platform intends to improve when it can’t even “detect this kind of brazen scam?”