• Wed. Oct 11th, 2023

Hacker ‘PlugwalkJoe’ Enters a Guilty Plea for the 2020 Twitter Security Breach

Avatar photo


Jul 11, 2023
'PlugwalkJoe' pleads guilty for 2020 Twitter breach

The attacker was previously charged by the US Department of Justice in November 2021 with using SIM swap attacks to steal cryptocurrencies valued at $784,000. On April 26, 2023, O’Connor, a citizen of the United Kingdom, was finally extradited from Spain to the United States. The Southern District Court of New York is currently handling O’Connor’s case.

Several Attacks in Succession

According to court records, O’Connor and his accomplices switched SIM cards between March 2019 and August 2020, moving the victims’ phone numbers to the cards under their control. Three business leaders who controlled sizable quantities of digital assets and whose accounts were secured by SMS-based two-factor authentication were among the targets of these assaults.

By employing a SIM swap attack to send one-time codes to their own devices, the attackers were able to overcome the 2FA protection and steal $794,000 worth of cryptocurrencies from the victims. The attackers subsequently laundered the funds on multiple Bitcoin mixers.

O’Connor acknowledged his involvement in the Twitter breach that occurred in June 2020. He and his three accomplices acquired access to the accounts of well-known people like Elon Musk, Bill Gates, Jeff Bezos, Warren Buffet, Barack Obama, Joe Biden, Binance, Apple, Uber, and Bitcoin.

Some of these accounts were employed by scammers to steal almost $105,000 through a bitcoin giveaway scheme. The hackers took control of the target accounts by giving unauthorized users access to internal administrative tools used by Twitter workers after gaining access through social engineering.

A popular celebrity with millions of followers on TikTok had their account hijacked in August 2020 by a hacker via SIM swapping, who then utilized it for self-promotion.

The affected account owner was also threatened by the hacker, who said that he would post private information on a Discord channel. The defendant allegedly began his social media hacking campaign in June 2019 by gaining illegal access to a Snapchat account, taking private information, and then blackmailing the account owner.