Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Teenager arrested for masterminding Twitter hack

Last updated

A 17 year-old has been arrested in Tampa, Florida and is accused of being the lead actor behind the Twitter cryptocurrency hack.

Hillsborough, Florida has filed 30 felony charges against Graham Clark, in connection with the July 15 Twitter attack. That attack resulted in dozens of high-profile Twitter accounts, including Apple's, to post a scam asking for a Bitcoin deposit, that the post alleged would then be doubled.

According to State Attorney Andrew Warren, the hack and messages resulted in over $100,000 in Bitcoin transferred to an account held by the teen.

"I want to congratulate our federal law enforcement partners - the US Attorney's Office for the Northern District of California, the FBI, the IRS, and the Secret Service - as well as the Florida Department of Law enforcement," State Attorney Warren said in a statement to WFLA. "They worked quickly to investigate and identify the perpetrator of a sophisticated and extensive fraud,"

"This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems," Twitter said in a tweet on Thursday. "By obtaining employee credentials, they were able to target specific employees who had access to our account support tools."

Clark allegedly used Twitter's admin privileges to bypass two-factor authentication protections on accounts. The attacker then changed the email and passwords of exploited accounts accounts.

Beyond the statement, on Thursday, Twitter provided additional information about the attack, again saying a total of 130 Twitter accounts were targeted in the operation. Tweets were sent out from 45 accounts, including Apple, Elon Musk and Jeff Bezos.

In addition to the Tweets asking for the Bitcoin, the direct message inboxes of 36 accounts, still not yet named, were accessed. Undisclosed "Twitter Data" from seven accounts was also downloaded, Twitter says.