Three Charged in the Single Worst Hack in Twitter's History [UPDATED]

By Bryan Menegus on at

Earlier this month a number of Twitter accounts belonging to prominent, highly-followed individuals like Elon Musk, Joe Biden, Barack Obama, Bill Gates, and Jeff Bezos were compromised, seemingly to defraud strangers out of bitcoin. Unfettered access to potentially sensitive information contained therein generated speculation: Was the cryptocurrency gambit a front to cover up blackmail attempts or nation state-level hacking?

Nope: It was literally just kids who made (and have now presumably lost, or at least lost ready access to) around $180,000 (£137,611) in bitcoin for his troubles, state authorities say. Seventeen-year-old Graham Ivan Clark of the US state of Florida was brought into Hillsborough County Jail around 6:30 am local time today, according to WFLA. The US Department of Justice (DOJ) later announced charges against two additional individuals: Mason Sheppard, 19, based in the UK, and Nima Fazeli, 22, of Orlando, Florida.

Charges against Clark, which were filed by State Attorney Andrew Warren, total 30 felonies, including communications fraud, fraudulent use of personal information, and unauthorised access to a computer or electronic device. He will be charged as an adult.

Sheppard was charged in federal court in California’s Northern District with aiding and abetting the intentional access of a protected computer, according to the DOJ. Fazeli, also charged in the Northern District, is charged with conspiracy to commit wire fraud, conspiracy to commit money laundering, and the intentional access of a protected computer.

An investigation into the hack – which, again, compromised a former president and a current presidential candidate and could not have used that access less ambitiously – required two weeks and help from the FBI, Internal Revenue Service, and Secret Service, among others, to complete. In total, the hack impacted around 130 accounts.

It’s believed the hackers were able to gain access to an internal tool used by Twitter employees, which allowed the scammers to reset the email addresses associated with the affected accounts, thereby taking control of them. Twitter has already admitted that Direct Messages sent by and to these accounts were available to the hackers, as they are not encrypted, though it’s unknown if the hackers downloaded those non-public messages.

Featured image: Leon Neal (Getty Images)