STEVE INSKEEP, HOST:
People who follow Jeff Bezos on Twitter saw an offer seemingly too good to refuse - send Jeff Bezos some bitcoin and he would double it. The same offer appeared in the accounts of Elon Musk and Barack Obama, Joe Biden - bunch of other people. And Twitter had to briefly freeze parts of its system while cleaning up this obvious hack. But what's it doing to assure security now? NPR's Bobby Allyn has been digging into this. Good morning.
BOBBY ALLYN, BYLINE: Hey. Good morning.
INSKEEP: How did this develop yesterday?
ALLYN: So if you were on Twitter yesterday, you saw this tweet making the rounds, which said, as you noted, give us some money and we'll double it. To most people, this was very transparently a scam. But then a version of it was shared by some of the most rich and famous people in the world - Jeff Bezos, Bill Gates, Joe Biden, Barack Obama, Kanye West - the list goes on. And it was also shared by major companies like Uber and Apple. And suddenly, it became clear that, look; this was not a one-off. Hackers had compromised hundreds of high-profile Twitter accounts. And it was very coordinated and, to many observers, stunning.
INSKEEP: Who did it?
ALLYN: Twitter says they are looking into that. We don't know who did it. But we do know that Twitter employees were targeted. A major question right now is whether the Twitter employee who was targeted was somehow coordinating with the hackers. There's some confusion about that. But we just don't know. But I asked Mike Chapple if he has any ideas about who might be behind the hack. He's a former National Security Agency computer scientist. And here is his theory.
MIKE CHAPPLE: There wasn't, like, a huge political or strategic motive here. So that makes me think it was probably not a foreign country or some kind of force like that that was conducting this attack. And it's just somebody out to make a few bucks.
ALLYN: And the hackers did generate some income. A public record of the bitcoin transfers shows that more than $100,000 was sent to the hackers, who really could have done something a lot more dangerous by gaining this type of access.
INSKEEP: Well, that's what I'm thinking about, Bobby. A lot of journalists follow Twitter. Twitter can drive what's in the news media. A certain president of the United States says things on Twitter all the time. What he says can change the stock market. So is the platform still vulnerable?
ALLYN: That is the big question right now. Really unsettling to security experts is something Twitter said, which is they are looking into other malicious activities the hackers may have committed, which means this investigation is not over. Did the hackers access other high-profile accounts we don't know about? Did they access private messages? Do they have information that they're withholding but plan to release at a later date? These are all big question marks.
And some of the accounts hacked had multiple layers of password protection and account protection. And that just added to the shock of how exactly did hackers get into these accounts. Data privacy lawyer Tim Toohey says if it is proven that someone inside of Twitter voluntarily handed over administrative controls to the hackers, then Twitter has a serious problem.
TIM TOOHEY: It shows that there is some sort of systemic failure within the company to guard the most basic element of the security, which is to make sure that you have backstops and checks on employees going rogue.
INSKEEP: Any advice for Twitter users at this point?
ALLYN: Well, security experts still recommend ordinary users like you or I on Twitter to use enhanced security protections, like two-factor authentication. But I think what this hack shows is no matter what kind of steps you take to try to protect yourself online, nothing is really foolproof.
INSKEEP: NPR's Bobby Allyn. Thanks.
ALLYN: Thank you.
NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.