Cyber Incident Victim: Target Corporation
Date:
Nov 2018
Location:
United States of America
Summary
Target's Twitter account was compromised by attackers who posted a fraudulent cryptocurrency giveaway, falsely promising participants over $31 million in bitcoin in exchange for small payments. The unauthorized access lasted roughly 30 minutes before the retailer removed the deceptive tweet, locked the account, and collaborated with Twitter to investigate the breach. This incident mirrored prior scams targeting verified accounts, including those impersonating high-profile figures to solicit bitcoin transfers under the guise of fake promotions. The attackers exploited the platform to mislead users into sending cryptocurrency, though the specific origin of the breach remained unidentified.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On November 13, 2018, Target Corporation’s official Twitter account was compromised by attackers who used it to promote a cryptocurrency scam. The breach occurred earlier that Tuesday, with unauthorized access lasting approximately 30 minutes. During this period, the hackers posted a single fraudulent tweet directing followers to participate in a fake bitcoin giveaway. The tweet encouraged users to send small amounts of cryptocurrency in exchange for a purported chance to win over $31 million worth of bitcoin. Target confirmed the incident to The Next Web’s Hard Fork, clarifying the scope and duration of the breach. The company acted swiftly to remove the malicious tweet and temporarily locked its Twitter account as a precautionary measure. Target also stated it was collaborating closely with Twitter to investigate the incident, though no specific technical details about the breach’s origin or entry point were disclosed. The scam mirrored tactics observed in earlier attacks targeting European online retailers in November 2018, where hackers similarly exploited verified accounts to distribute fraudulent cryptocurrency offers.
The incident leveraged social engineering tactics previously used against high-profile figures like Tesla CEO Elon Musk, whose impersonated accounts had promoted identical bitcoin giveaway schemes. In those cases, attackers altered account names and profile images to mimic Musk, falsely claiming he was conducting a “world’s biggest crypto giveaway” to lure victims. Target’s response focused on containment, including tweet deletion and account lockdown, but did not reveal whether customer data or internal systems were compromised beyond the Twitter account takeover. The company did not disclose the number of users affected by the scam or quantify financial losses, if any. The breach highlighted ongoing vulnerabilities in social media platform security, particularly for verified organizational accounts trusted by large audiences. Target’s public communication emphasized remediation steps without elaborating on long-term preventive measures or attributing the attack to specific threat actors. Similarities to prior cryptocurrency scams suggested a broader pattern of financially motivated social media account takeovers during this period.