This is the web version of Data Sheet, Fortune’s daily newsletter on the top tech news. To get it delivered daily to your in-box, sign up here.
Twitter got hacked in spectacular fashion last night.
Let me rephrase that: A hack of Twitter became public in spectacular fashion last night. Exactly when a hacker compromised a Twitter employee—or employees—and gained access to privileged, email address-resetting administration tools remains unclear.
“We are certain that it happened before yesterday,” said Roi Carthy, the chief marketing officer at Hudson Rock Intelligence, an Israeli cybersecurity firm that has been tracking a spree of account takeovers that culminated in last night’s fiasco. Carthy guesses the hackers had access to the tooling for “anywhere between 48 hours and a month.”
Screenshot of internal Twitter tool likely used to compromise people’s accounts. Personally identifying information has been blotted out. Courtesy of Hudson Rock Intelligence.
Twitter did not respond to Fortune’s request for comment, but the company seems to be trying to determine the duration and extent of the hacking too. “We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it,” a Twitter spokesperson said in a statement.
The account takeover spree—which hit Elon Musk, Barack Obama, Apple, and many others—appears to have originated on a forum for buying and selling hacked Twitter and Instagram accounts, called OG Users. At some point, the hackers pivoted to conduct a Bitcoin-related scam, trying to trick people into sending cryptocurrency their way.
Some of the first notable accounts taken over were those of prominent cryptocurrency companies, like Coinbase, Binance, and Gemini. The hackers eventually turned to larger prey, like presidential candidate Joe Biden and Amazon founder Jeff Bezos.
In the end, the scam reaped around 13 Bitcoins, north of $100,000 at the current market price. Of course, the fraudsters would be crazy to attempt to cash out the loot as any cryptocurrency movements will be carefully scrutinized by law enforcement. (A preliminary analysis by Chainalysis, a blockchain tracking firm, suggests that at least some of the money came from accounts controlled by the hackers themselves, likely “to make it seem like more people are participating and benefiting from the scam,” the firm speculated.)
All this leaves me wondering: Why did the hackers blow their access to Twitter “god mode” on, for lack of a better term, shenanigans?
There are better ways to make a quick buck, after all. Why not dig into people’s DMs for blackmail material? (or maybe they did and we just don’t know yet!?) Why not short Tesla stock, say, while falsely tweeting from CEO Elon Musk’s account that he is resigning his post? (Too sophisticated, or traceable?) The gang could have reaped a fortune any number of ways.
Instead, the hackers used their powers to send the equivalent of spam messages. Alex Stamos, the former chief security officer of Facebook, commented in a—what else?—tweet that criminals can be foolish. A hacker once similarly used a string of prized Facebook bugs to spam people, he said. Criminals aren’t always the sharpest.
Twitter’s wreckage reminds me of another huge cybersecurity debacle from a few years ago: the Mirai botnet “distributed denial of service” attacks of 2016. Those hackers got their start in online forums devoted to hacking Minecraft, the Microsoft videogame. Eventually, their mischief spiraled out of control and led to widespread Internet outages.
Perhaps as Wednesday’s situation got out of hand, the hackers amplified their hi-jinx for the lulz. Perhaps they did it for street cred. Or perhaps, as Batman’s loyal butler Alfred once put it, “Some men just want to watch the world burn.”
We’ll have to wait for Twitter’s investigation to conclude to understand what the hackers had access to, for how long, and why they burned their tool so publicly. Let’s just be grateful they didn’t try to start a war using President Trump’s account.
Robert Hackett
This edition of Data Sheet was curated by Aaron Pressman.
NEWSWORTHY
Kiss me deadly. We have covered a lot of genres in Data Sheet this year, including true crime and near surreal levels of comedy. Today, sadly, we add crime noir. Fahim Saleh, founder of Nigerian startup Gokada, was found dead Tuesday at his Manhattan condominium. The circumstances were quite gruesome.
Double indemnity. The European Court of Justice on Thursday threw out an agreement that allowed U.S. companies like Facebook and Google to store data about European residents outside the region. The court found that the Privacy Shield agreement struck four years ago between the U.S. and the EU exposed EU residents to possible U.S. surveillance. The ruling could be a boon for European data center construction if tech companies decide the easiest response is to store data more locally. The impact may be less disruptive than first appears, however. Microsoft said it also transfer data under a different legal cover called standard contractual clauses and would continue to do so.
The big sleep. The world's most popular free email service is getting an overhaul. Google is integrating video chat, file sharing, and pieces of other apps more deeply into Gmail for G Suite users. The goal is to make it easier for users to use multiple apps and collaborate in one place. Across the valley at Apple, the newest iPhone software, iOS 13.6, adds the Car Key feature to unlock and start vehicles, though so far it only works with the new BMW 5 Series. Chinese hardware maker Xiaomi debuted some new products on Wednesday, as well. The Mi Smart Band 5 is a cheap activity tracker with a 1.1-inch screen and the Mi Electric Scooter Pro 2 travels up to 28 miles on a charge. And in enterprise software land, Dustin Moskovitz's startup, Asana, unveiled a new feature called Goals for companies that want to track objectives and key results.
Sweet smell of success. Former first lady Michelle Obama announced an exclusive podcast on Spotify. The aptly titledThe Michelle Obama Podcast starts a nine-week run on July 29 and will focus on personal relationships.
The Lady from Shanghai. On Wall Street, not all the IPO news was good news. Online health insurance broker GoHealth went public, raising over $900 million, but ended its first day of trading 7% below its IPO price. In China, however, the news was very good. Semiconductor Manufacturing International Corp. jumped 245% in its debut on Shanghai's Star market, which has no trading limits for a stock's first five days. SMIC, China's largest chipmaker, raised $7.6 billion, the largest Chinese IPO in a decade.
Vertigo. Michael Dell deserves some kind of lifetime achievement award for financial engineering. Dell's Dell Technologies on Wednesday said it was thinking of spinning off its 81% stake in VMware, which it obtained in the 2016 EMC deal that came before its 2018 return to public markets. Shares of Dell, up a meager 3% previously in 2020, shot up 17% in midmorning trading on Thursday morning. Shares of VMware, down 8% this year, gained 3%.
FOOD FOR THOUGHT
With more than half the world still waiting for high-speed Internet service, a new robot designed by Facebook engineers could help. The robot wraps specially designed fiber optic cable around medium voltage power lines, the ubiquitous electrical transmission wires found almost everywhere. Writer Jack Loughran explains in article at Engineering and Technology.
The robot used to lay the cable includes a vision system to identify obstacles and appropriately adjust its movements to clear them, while maintaining the clearances required to prevent an electrical hazard. Facebook believes each robot should be able to lay between 1.5km to 2km of fibre per day, allowing for rapid rollout of high-speed internet infrastructure.
“We expect the total cost - including labour, depreciation and materials - to be between $2 and $3 per metre in developing countries,” the company said in a blog post. The idea for the project was realised after one of the engineers saw the relative proliferation of MV power lines in Uganda compared to its scant fibre network. Just 28 per cent of people living in Africa are internet users and two-thirds of those are located in South Africa.
IN CASE YOU MISSED IT
Many businesses are using e-commerce for the first time thanks to the pandemic By Rachel Schallom
Netflix Q2 earnings preview: Another huge quarter fueled by the coronavirus? By Aric Jenkins
Why Zoom thinks you might want Zoom-branded hardware By Aaron Pressman
Why Oprah, Natalie Portman, and Howard Schultz are betting big on plant-based milk brand Oatly By Beth Kowitt
How to speed up medical breakthroughs in the post-COVID world By Paul Hudson
How people are getting their workouts in, outdoors and socially distanced, photographed By Armin Harris and Rachel King
(Some of these stories require a subscription to access. Thank you for supporting our journalism.)
BEFORE YOU GO
I don't usually catch many articles from the journal Drug and Alcohol Dependence, but the July issue has a doozy as highlighted by Scientific American. Turns out LSD use is up 50% from 2015 to 2018. Why? “LSD is used primarily to escape. And given that the world’s on fire, people might be using it as a therapeutic mechanism,” Andrew Yockey, a doctoral candidate at the University of Cincinnati and lead author of the paper, tells the magazine. “Now that COVID’s hit, I’d guess that use has probably tripled.” Sounds like LSD should do an IPO in Shanghai. Stay safe out there.
Aaron Pressman
