did not offer clarification but said in a statement that users "may be unable to tweet or reset your password while we review and address this incident."
The unusual scope of the problem suggests hackers
may have gained access at the system level, rather than through individual accounts. While account compromises are not rare, experts were surprised at the sheer scale and coordination of Wednesday's incident.
We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.
— Twitter Support (@TwitterSupport) July 15, 2020
"This appears to be the worst hack of a major social media platform yet," said Dmitri Alperovitch, who co-founded cybersecurity company CrowdStrike.
Some experts said it seemed probable that hackers
had access to Twitter's internal infrastructure.
"It is highly likely that the attackers were able to hack into the back end or service layer of the Twitter application," said Michael Borohovski, director of software engineering at security company Synopsys.
"If the hackers
do have access to the backend of Twitter, or direct database access, there is nothing potentially stopping them from pilfering data in addition to using this tweet-scam as a distraction," he said.
Most accounts should be able to Tweet again. As we continue working on a fix, this functionality may come and go. We're working to get things back to normal as quickly as possible.
— Twitter Support (@TwitterSupport) July 16, 2020
Twitter told Reuters just before 5 p.m. EDT that it was investigating what it later called a "security incident" and would be issuing a statement shortly. However, as of 7 p.m. the company had still not issued an explanation of what exactly took place.
Shares in the social media company tumbled almost 5 percent in trading after the market close before paring their losses.
Earlier, some of the platform's biggest users appeared to be struggling to re-establish control of their Twitter accounts. In the case of billionaire Tesla Chief Executive Elon Musk, for example, one tweet soliciting cryptocurrency was removed and, sometime later, another one appeared, and then a third.
Among the others affected: Amazon founder Jeff Bezos, investor Warren Buffett, Microsoft co-founder Bill Gates, and the corporate accounts for Uber and Apple . Several accounts of cryptocurrency-focused organizations were also hijacked.
Altogether, the affected accounts had tens of millions of users.
Biden's campaign was "in touch" with Twitter, according to a person familiar with the matter. The person said the company had locked down the Democrat's account "immediately following the breach and removed the related tweet." Tesla and other affected companies were not immediately available for comment.
Publicly available blockchain records show that the apparent scammers have already received more than $100,000 worth of cryptocurrency.
Several experts said the incident has raised questions about Twitter's cybersecurity.
"It's clear the company is not doing enough to protect itself," said Oren Falkowitz, former CEO of Area 1 Security.
Alperovitch, who now chairs the Silverado Policy Accelerator, said that, in a way, the public had dodged a bullet so far.
"We are lucky that given the power of sending out tweets from the accounts of many famous people, the only thing that the hackers have done is scammed about $110,000 in bitcoins from about 300 people," he said.