How did Twitter’s hackers do it? Here’s one likely explanation

July 16, 2020, 2:15 AM UTC

Update: Twitter confirmed it believes hackers targeted employees with “a coordinated social engineering attack” that gave the hackers access to “internal systems and tools.”

Cybersecurity experts are speculating about the cause of a spate of high-profile Twitter hijackings that rocked the social media giant on Wednesday.

The accounts of many of Twitter’s most prominent users including former Vice President Joe Biden, Tesla CEO Elon Musk, and Microsoft co-founder Bill Gates posted fraudulent tweets intended to lure people into Bitcoin-related scams.

The growing consensus is that Twitter—the company, rather than individual users impacted—succumbed to a major hack. While the technical details of the latest breach remain unclear, the leading theory is that hackers gained access to an administrative “panel” used by Twitter employees to manage people’s accounts.

Screenshots of the purported panel circulated online in the aftermath of the hacking, as Vice Motherboard reported. Twitter has deleted the images, saying they violate the company’s rules about sharing “private, personal information” in tweets.

A source with intimate knowledge of the company’s internal workings told Fortune this theory was the likeliest explanation for the widespread account hijackings. The individual requested anonymity because of a lack of authorization to speak to press.

“Think of this like a web form,” the source said, describing Twitter’s technical infrastructure. Such tools enable the company’s engineers to handle key operations—everything from account suspensions to advertising campaigns.

But these tools can also allow an attacker—such as a rogue, hacked or otherwise compromised insider—to “come in sideways” and send a tweet from any account, the source said.
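The design weakness the source describes is that a single authenticated employee session is the only gate in front of an action as powerful as posting from any user's account. The following is an added illustration, not Twitter's code and not anything the source described in detail: a hypothetical internal tool modelled two ways, a naive panel where any session can tweet as any user, and a hardened one where each action is bound to a role, actions that speak or authenticate as the user need a second, different approver, and everything lands in an audit log. It closes with a detector over that log that flags a requester touching many distinct accounts in a short window, the pattern of the incident above. Role names, the two-person rule and the thresholds are assumptions chosen for the example.

```python
"""Hypothetical admin-panel authorization model (added example, not Twitter's code)."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple
import uuid


@dataclass(frozen=True)
class Session:
    employee: str
    roles: frozenset  # assumed role names, e.g. {"support"} or {"escalation"}


@dataclass(frozen=True)
class AuditEvent:
    ts: datetime
    action: str
    target: str          # account the action is taken on
    requester: str
    approver: Optional[str]
    outcome: str         # "allowed", "pending" or "denied: <reason>"


def _now() -> datetime:
    return datetime.now(timezone.utc)


class NaiveAdminPanel:
    """Weak design: any employee session is the only gate, so one phished
    session can post from every account."""

    def __init__(self) -> None:
        self.audit: List[AuditEvent] = []

    def tweet_as(self, session: Session, target: str, text: str) -> bool:
        self.audit.append(AuditEvent(_now(), "tweet_as", target, session.employee, None, "allowed"))
        return True


class HardenedAdminPanel:
    """Each action is bound to a role; actions that act as the user also need a
    second, different approver. One compromised session can open a request
    but never complete it."""

    REQUIRED_ROLE = {"suspend": "support", "reset_password": "escalation", "tweet_as": "escalation"}
    TWO_PERSON = {"reset_password", "tweet_as"}

    def __init__(self) -> None:
        self.audit: List[AuditEvent] = []
        self.pending: Dict[str, Tuple[str, str, str]] = {}  # id -> (requester, action, target)

    def _log(self, action: str, target: str, requester: str, approver: Optional[str], outcome: str) -> None:
        self.audit.append(AuditEvent(_now(), action, target, requester, approver, outcome))

    def request(self, session: Session, action: str, target: str) -> Optional[str]:
        """Returns a request id, or None when the caller lacks the action's role."""
        needed = self.REQUIRED_ROLE.get(action)
        if needed is None or needed not in session.roles:
            self._log(action, target, session.employee, None, "denied: missing role")
            return None
        rid = uuid.uuid4().hex
        if action in self.TWO_PERSON:
            self.pending[rid] = (session.employee, action, target)
            self._log(action, target, session.employee, None, "pending")
        else:
            self._log(action, target, session.employee, None, "allowed")
        return rid

    def approve(self, session: Session, rid: str) -> bool:
        """A second person completes a pending request; self-approval and
        approvers without the role are refused. The request is consumed."""
        req = self.pending.get(rid)
        if req is None:
            return False
        requester, action, target = req
        if session.employee == requester:
            self._log(action, target, requester, session.employee, "denied: self-approval")
            return False
        if self.REQUIRED_ROLE[action] not in session.roles:
            self._log(action, target, requester, session.employee, "denied: approver lacks role")
            return False
        del self.pending[rid]
        self._log(action, target, requester, session.employee, "allowed")
        return True


def burst_actors(events: List[AuditEvent], action: str, window: timedelta, max_targets: int) -> List[str]:
    """Detection over the audit log: requesters whose allowed `action` events
    cover more than `max_targets` distinct accounts inside any `window`."""
    flagged: List[str] = []
    by_actor: Dict[str, List[AuditEvent]] = {}
    for e in events:
        if e.action == action and e.outcome == "allowed":
            by_actor.setdefault(e.requester, []).append(e)
    for actor, evs in by_actor.items():
        evs.sort(key=lambda e: e.ts)
        for i, start in enumerate(evs):
            targets = {e.target for e in evs[i:] if e.ts - start.ts <= window}
            if len(targets) > max_targets:
                flagged.append(actor)
                break
    return flagged
```

In the hardened panel the phished session can still open a `tweet_as` request, which is itself a useful signal, but it cannot complete it alone; the same session approving its own request is refused and logged. The burst detector is deliberately simple, keyed on distinct targets per requester, because a support agent posting from many unrelated accounts in a few minutes has no routine explanation.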

Twitter did not respond to Fortune’s questions about the hack, and instead pointed to its public comments. In those comments, the company said it had temporarily disabled tweets and password resets by “verified” accounts while attempting to regain control, an unprecedented measure.

It’s unclear who’s behind the hacking. The perpetrators may have at least been partly motivated by money, given their public posts requesting that Twitter users send them cryptocurrency.

“We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it,” Twitter said.

Update: This article was updated with information from Twitter about the cause of the hacking. Some information in the article was changed to reflect the latest comment.
