---
title: "Biggest Heist In Twitter’s History: How Cyber Adversaries Used Coordinated Social Engineering Attack To Target Verified Twitter Accounts Of Celebrities | Phish Protection"
description: ", the adversaries could successfully barge into some of the most popular accounts of the San Francisco-based social networking platform Twitter."
image: "https://phishprotection.com/og/blog/biggest-heist-twitters-history-cyber-adversaries-coordinated-social-engineering-attack-target-verified-twitter-accounts-celebrities.png"
canonical: "https://phishprotection.com/blog/biggest-heist-twitters-history-cyber-adversaries-coordinated-social-engineering-attack-target-verified-twitter-accounts-celebrities/"
---



![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2020/07/phishing-prevention-7961.jpg) 

On the 15th of July, 2020, _adversaries broke into some of the most popular accounts on the San Francisco-based social networking platform Twitter_. The attackers got in despite Twitter’s **phishing attack prevention** measures and used this access to Twitter’s database to hack celebrity Twitter accounts. The attack took the internet by storm, as many renowned figures became its victims. Although Twitter is adopting the [phishing prevention best practices](/phishing-protection-best-practices-guide/), it is uncertain whether it will be able to counter the long-term effects of this historic breach. It is high time organizations adopted innovative **anti-phishing solutions**.

### So, What Exactly Happened?

A notification from Twitter’s handle @TwitterSupport surprised all of its users on Wednesday, 15th of July, when it announced to the world that the accounts of prominent figures, including Bill Gates and Elon Musk, had been compromised in a recent cyber attack.

After the initial investigation, _Twitter found and revealed that it was a coordinated social engineering attack_. The attackers first compromised a few of Twitter’s employee accounts to gain access to their internal systems and tools, which then enabled them to access all Twitter accounts under the sun.

### Who Were The Victims Of This Attack?

> “Zero-day phishing URLs have an average lifespan of just 12 hours before they’re added to blocklists. During that window, traditional signature-based filters are blind. Our real-time behavioral analysis catches these threats by pattern, not by signature - which is how we detect attacks that no database has seen yet.” - **Adam Lundrigan**, CTO, DuoCircle

_This social engineering attack was one of a kind in Twitter’s history_. It compromised the accounts of world-famous figures such as Barack Obama, Joe Biden, Mike Bloomberg, Jeff Bezos, Bill Gates, Elon Musk, Kanye West, Kim Kardashian West and Warren Buffett. The attack also compromised the verified accounts of Apple, Uber, National Weather Services and other crypto-currency and Bitcoin companies.

_The attackers strategically targeted these verified accounts to reach a maximum audience via their seemingly credible tweets_. Since people do not usually remember the [phishing prevention tips](/content/phishing-prevention/) while opening links from social media platforms, the attackers could successfully con the Twitter followers of these influential figures.

![Phishing prevention](https://media.mailhop.org/phishprotection/images/2020/07/phishing-prevention-7961.jpg) 

### What Were The Fake Tweets Like?

Here’s what the fake tweets used to gather bitcoins from users looked like.

- **Elon Musk’s tweet:** ‘Feeling greatful, doubling all payments sent to my BTC address! You send $1000, I send back $2000! Only doing this for the next 30 minutes. bc1qxy2kgdygjr\*\*\*\*\*\*\*\*\*\*93p83kkfjhx0wl’
- **Kanye West’s tweet:** ‘I am giving back to my fans. All bitcoin sent to my address below will be sent back doubled. I am only doing a maximum of $10,000,00. bc1qxy2kgdygjrsq\*\*\*\*\*\*\*\*\*\*83kkfjhx0w\*\*. Only going on for 30 minutes!’
- All other tweets ran along the same lines, with Jeff Bezos tweeting, ‘I have decided to give back to my community’ and Bill Gates tweeting, ‘Everyone is asking me to give back, and now is the time.’

### What Was The Impact?

Naturally, such tweets from the people one idolizes make a person want to try their luck and do whatever is being asked of them. The fake tweets convinced over **363 Twitter users** that the amount they invested would really be doubled by celebrities who had all suddenly realized their role towards their fans. The following are the notable impacts of the attack on Twitter accounts:

- Attackers were able to infiltrate over **130 Twitter accounts** via this [massive breach](https://www.bbc.com/news/technology-53445090).
- Through the Bitcoin-collecting domain that the attackers provided in all the fake tweets, they collectively **stole $118,000** of people’s hard-earned money.
- The attack has raised several questions about the efficiency of Twitter’s [anti-phishing solutions](/products/advanced-threat-defense/). The CEO of ImmuniWeb, Kolochenko, highlighted the extreme steps the attackers could have taken using the compromised accounts, such as declaring nuclear or military war between nations, defaming rival companies to bring down their stocks, and so on.
- Another Twitter user, going by the username ‘1uc45MH’, expressed his fear about the _level of access Twitter employees have over the accounts of all users, which nullifies the prospect of any privacy a user might have_.
- _Twitter’s stock price fell from $35.60 to $34.70 within just 15 minutes_, owing to the enormous, credibility-shattering social engineering attack on the accounts of stars that millions of people looked up to.

### What Is Twitter Doing Presently?

_Twitter deems this incident very unfortunate and claims to be doing everything in its capacity to contain and handle the attack_. To ensure **protection against phishing**, Twitter has taken the following steps so far:

- CEO Jack Dorsey has assured users via a Tweet that Twitter is _investigating the attack and working relentlessly to get to the root of it_.
- Twitter is also employing **anti-phishing services** to identify the other areas of its operations that may have been breached in the attack.
- To [prevent phishing](/) attacks, _Twitter has completely locked down the verified accounts that were compromised_. The accounts will continue to be restricted until the company completes its investigations.
- To stop more Twitter users from falling prey to the Bitcoin scam and to ensure protection from phishing, _Twitter removed the attacker-posted tweets from the accounts of verified users, on their behalf_.
- Further, to ensure [phishing prevention](/), Twitter has also temporarily disrupted services for verified accounts that weren’t targeted in the recent attack. They have done this to curb the threat factor.
- _Twitter is taking additional anti-phishing measures to restrict access to internal systems and tools_ among its employees so that adversaries cannot trick employees with their social engineering schemes in the future.

![Phishing prevention](https://media.mailhop.org/phishprotection/images/2020/07/phishing-prevention-7962.jpg)


The recent attack on Twitter has revived the fear of **social engineering attacks** among people and exposed millions of its users to risks of phishing, ransomware, identity theft and other attacks for the foreseeable future. People should be wise on the web, be rational consumers of the internet and adopt adequate measures for ensuring **protection from phishing** attacks to keep malicious attackers away in the first place.


[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.


