Several high-profile Twitter accounts were hacked on July 15 -- including those of US presidential candidate Joe Biden, reality television show star Kim Kardashian, former US President Barack Obama, billionaire Elon Musk and rapper Kanye West, among others -- used to solicit digital currency.
Many hours after the first wave of hacks, the cause of the breach had not yet been made public.
In a sign of the seriousness of the problem, Twitter took the extraordinary step of preventing at least some verified accounts from publishing messages altogether.
It was not clear whether all verified users were affected but, if they were, it would have a huge impact on the platform and its users. Verified users include celebrities, journalists, and news agencies as well as governments, politicians, heads of state, and emergency services.
Twitter did not offer clarification but said in a statement that users "may be unable to tweet or reset your password while we review and address this incident."
The unusual scope of the problem suggests hackers may have gained access at the system level, rather than through individual accounts. While account compromises are not rare, experts were surprised at the sheer scale and coordination of Wednesday's incident.
"This appears to be the worst hack of a major social media platform yet," Dmitri Alperovitch, who co-founded cybersecurity company CrowdStrike told Reuters.
Some experts said it seemed probable that hackers had access to Twitter's internal infrastructure.
Twitter told Reuters just before 5.00 pm EDT that it was investigating what it later called a "security incident" and would be issuing a statement shortly.
However, as of 7.00 pm the company had still not issued an explanation of what exactly took place.
Shares in the social media company tumbled almost 5 percent in trading after the market close before paring their losses.
First reaction from Twitter
Hours later, Twitter said that it was still investigating the matter. However, Twitter aid it had “detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”
“We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it,” Twitter said on its ‘Support’ handle.
The social media platform clarified that it had “immediately locked down the affected accounts” and removed the tweets posted by the attackers as soon as they became aware of the incident.
“We have locked accounts that were compromised and will restore access to the original account owner only when we are certain we can do so securely,” it added.
Earlier, some of the platform's biggest users appeared to be struggling to re-establish control of their Twitter accounts. In the case of billionaire Tesla Chief Executive Elon Musk, for example, one tweet soliciting cryptocurrency was removed and, sometime later, another one appeared, and then a third. Among the others affected: Amazon founder Jeff Bezos, investor Warren Buffett, Microsoft co-founder Bill Gates, and the corporate accounts for Uber and Apple.
Several accounts of cryptocurrency-focused organizations were also hijacked. Altogether, the affected accounts had tens of millions of users.
Biden's campaign was "in touch" with Twitter, according to a person familiar with the matter.
Tesla and other affected companies were not immediately available for comment.
Publicly available blockchain records show that the apparent scammers have already received more than $100,000 worth of cryptocurrency.(With inputs from Reuters)