Talk:2020 Twitter account hijacking/Archive 1

To show, or not to show, the BTC address
Since this is going back and forth in the history already (I saw at least remove, revert, censor text, remove again), let’s discuss here whether we should show the BTC address or not, and if yes, how exactly? CC   —Galaktos (talk) 23:39, 15 July 2020 (UTC)


 * I originally included the Bitcoin address in the quote of Elon Musk's Tweet, on the basis that Wikipedia is not censored, and that it is a genuinely useful tool - people investigating or researching the incident can check the blockchain to see transactions going into and coming out of the address, as well as looking at the amount stored, and any patterns of behaviour that there might be. In addition, the address is easily viewable in the many sources on the page.
 * It's now been removed a couple of times, so I think it's probably worth some discussion here. I am still in favour of including it - what do others think?
 * Pinging people who've edited that part of the article:, , and - thoughts would be appreciated
 * Cheers, Naypta ☺ &#124; ✉ talk page &#124; 23:42, 15 July 2020 (UTC)
 * I posted the above at roughly the same time as Galaktos did - well, there's my 2p anyway! Naypta ☺ &#124; ✉ talk page &#124; 23:43, 15 July 2020 (UTC)
 * I instantly thought that it would be irresponsible of us to repost it given the magnitude of what is happening right now and redacted it, but your edit summary in reverting me made me think about it and changed my mind somewhat so I didn't remove it again. I do still see both sides of the argument so don't really have much more useful input for the debate right now. Buttons0603 (talk) 23:58, 15 July 2020 (UTC)


 * I think if it's removed, there should be a note that it's been redacted and the tweet isn't complete. Natureium (talk) 23:44, 15 July 2020 (UTC)
 * We should not be posting spam. Posting the bitcoin address is, on some level, furthering the spammers objectives and posting bitcoin addresses is not something we would generally tolerate. I think the tweetbox without the address is a bit misleading though. So I think Musk's quote should be quoted in the body but without the bit coin address. Best, Barkeep49 (talk) 23:46, 15 July 2020 (UTC)
 * Posting the bitcoin address is, on some level, furthering the spammers objectives - is it? Nobody is going to pay them money from this, and there's no way to link them to it from the address. It's not promotional, it can't be - it's just a type of number. Clearly we wouldn't normally post bitcoin addresses, but here it's the subject of discussion in the article - indeed, the article talks specifically about the number of transactions and the amount of money in the address. Naypta ☺ &#124; ✉ talk page &#124; 23:51, 15 July 2020 (UTC)
 * , it is literally an account number. Anyone reading that could, if they chose, deposit money there. We should not be posting account numbers. We should not be promoting spam. We can discuss this topic in a 100% encyclopedic manner without including this piece of information which is why I dimiss NOTCENSORED concerns in favor of us holding the line against spam and spammers. Best, Barkeep49 (talk) 23:53, 15 July 2020 (UTC)


 * Heck no Might as well just put their Venmo account up too and ask folks to contribute. The address of their wallet is spam (we don't put up phone numbers, or bank routing numbers, or other such sensitive addresses either), and hardly encyclopedic. It should be redacted from the tweet, with a note along the lines of "While Wikipedia is not censored, the address of the Bitcoin wallet has been redacted to comply with Wikipedia's policies on spam." CaptainEek  Edits Ho Cap'n!⚓ 23:56, 15 July 2020 (UTC)
 * (this sort of addresses both of your points) - we wouldn't put up a bank account number because there's nothing someone can do with that other than send money. Here, with an address, anyone can look up details of the transactions and balance. That, to me, is the key difference; there is a direct value for a researcher to have access to that information. — Preceding unsigned comment added by Naypta (talk • contribs) 00:01, 16 July 2020 (UTC)
 * Concur with CaptainEek. WP:NOTCENSORED should not be interpreted as a blanket license to post clearly irresponsible and unhelpful material. I'm not surprised that this needs to be pointed out, but here we are. BirdValiant (talk) 03:09, 16 July 2020 (UTC)


 * I agree with Barkeep49 above that the tweetbox without the actual BTC address lacks context, so we might want to just add something along the lines of in there instead. But the actual address should not be included for the reasons already stated (spam, scam, phishing, personal information). –  bradv  🍁  00:13, 16 July 2020 (UTC)


 * CNN in one of its representative examples blurred out the BTC line from the image of the Tweet ) For us, a Tweet image would be free save for the user icon so while Elon's would be "best", we can use Apple's as a good image representation (See ) and blur out the BTC from that image and upload it as free (apple's logo is uncopyrightable). --M asem (t) 00:32, 16 July 2020 (UTC)
 * EG: is a real quick blurring/pixelation I did that I feel clearly blocks the address, but indicates that it was there. --M asem  (t) 00:36, 16 July 2020 (UTC)
 * I support this. Best, Barkeep49 (talk) 00:42, 16 July 2020 (UTC)
 * I concur. Looks like a good approach. El_C 01:02, 16 July 2020 (UTC)
 * I have gone ahead and added that to the article. --M asem (t) 04:00, 16 July 2020 (UTC)
 * I think the natural inclination here is to remove or censor the Bitcoin address—that was certainly my first thought going into the discussion. However, I also find merit in Naypta's argument. It is true that WP:NOTCENSORED is not in itself a reason for including objectionable content, but there do appear to be legitimate educational benefits to including the content for our readers—the Bitcoin blockchain is public, meaning readers can use the Bitcoin address to analyze the impact of the incident. There seems to be a fear that because this is a financial account number, we should omit it because it is personal information or because it could mislead users into actually sending money to the address. However, that seems quite unlikely given the context of the article, and I don't see it as personal information because a Bitcoin address is not tied to a person's identity as a Venmo account or an account number for a checking account might be. Wikipedia's policies on spam also do not seem to apply here, since our intentions are not to promote the scam. Finally, in general Wikipedia should follow the lead of reliable sources, and a nontrivial number of reliable sources have decided to publish uncensored screenshots of the tweets, including the Wall Street Journal, The Guardian, Bloomberg, The Washington Post (see video at 0:22), and The Verge. As Masem mentioned above, notable contrary examples include CNN's blurring of the address; The New York Times appears to have cropped out the address, and Reuters includes no screenshot in their reporting. Overall, the arguments for including the address appear to be stronger than those for censoring it. Mz7 (talk) 05:15, 16 July 2020 (UTC)
 * I did use and note the Verge source in the commons upload - perhaps we can EFN/footnote a link there to say the original (saved before deletion) can be viewed there? --M asem (t) 05:22, 16 July 2020 (UTC)


 * Support inclusion - I don't think there has been an argument made here, based on WP policy, as to why it should be censored. I concur with most of Mz7's points. Wikipedia is not censored, and there are clear educational benefits, not that this is the main justification for including it. Acalycine (talk) 05:27, 16 July 2020 (UTC)
 * And to just add to this, here, we can use the Verge's image to Commons (same reasoning I did with the uncensored). Keeping it as a image makes it "more work" for someone to use it but that might be the layer of obfuscation some want to avoid a user going to click on easily. --M asem (t) 05:31, 16 July 2020 (UTC)
 * Sure, but there should be no prohibition of inclusion of the text of the address in the article either, if somebody chooses to do so. I don't see justification for any censorship at all. Acalycine (talk) 05:38, 16 July 2020 (UTC)
 * There were multiple addresses used depending on which tweet, but we're not about to go list them all for purpose of security researchers that want to follow up on them. One is fine as a happenstance of being part of the key message the scam is about. --M asem (t)
 * Yes, I support this position, on the basis of a lack of purpose to listing the text of/images of all of the tweets of the people included. One example tweet, in image or in text, is fine. Acalycine (talk) 06:25, 16 July 2020 (UTC)
 * Adding to this, I similarly don't understand the labelling of the address as "spam". Perhaps a more broad definition of the word spam is being used here, but it certainly does not match the one used at WP:SPAM. The address would be spam if it were included in the article with no direct relevance to the article; a random editor swapping out the original address for another address is clearly spam - this is quite different from the inclusion of the address for historical posterity. Acalycine (talk) 05:43, 16 July 2020 (UTC)
 * Don't show it. Although WP isn't censored, the revealing of the address may cause readers to try and enter the rabbit hole. We don't want to be a scammer, so no.  Gerald WL  07:01, 16 July 2020 (UTC)
 * Assuming this is in response to my comments, this does not address my points at all. You're essentially saying "although WP isn't censored, it should be censored." Please cite relevant policies. Acalycine (talk) 07:18, 16 July 2020 (UTC)
 * Could it be partially obscured? I've just woken up this morning, totally missed what happened overnight, went to this article via the front page and this pixelation looked really confusing to me (pictures being the first thing you look at in an article and all). If you just draw a black box across half the address, it'd give readers a much better idea of what they're looking at... EditorInTheRye (talk) 07:15, 16 July 2020 (UTC)
 * First of all, I am not responding to your comment, sorry for my markup typo. Second, although no policies is available that I can cite my opinion, I still firmly believe that, at least until the address is no longer alive, the omitted version should stay. WP:NOTCENSORED does not mean that everything, including the ones that might harm those who are curious to try, can be included. It does not mean Wikipedia has no restrictions whatsoever. So until new information about the address comes out, I will still be firm to my opinion, however others may have one too.  Gerald WL  08:48, 16 July 2020 (UTC)
 * Apologies for the confusion. Bitcoin addresses don't expire, by the way. I simply don't see how harm reduction is a valid reason for censorship. The burden of proof (or justification) is on those supportive of the censorship here, not the other way around. We don't appear to censor details of mass atrocities, for example, even though they may cause harm towards people. We don't censor graphic photos of genitalia, for example, even though they may cause 'harm' to browsing children. Same logic applies here, in my view. Acalycine (talk) 08:58, 16 July 2020 (UTC)

So, should we include the bitcoin address or not? In my opinion, is not something that has to be censored, as bitcoin addresses are anonymous and the transactions are public. I also think it can be useful for everyone to pull the thread, do some research and see the transactions and money collected. Viktaur (talk) 15:38, 16 July 2020 (UTC)
 * Support inclusion - I had to come to the talk page to find it. Doesn't seem like something that needs to be censored, and is obviously a piece of information this article is focused on. If you don't know, you can use the address to look up previous transactions, for example, here: https://www.blockchain.com/btc/address/bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh Baldersmash (talk) 08:11, 16 July 2020 (UTC)
 * Support inclusion: there seem to be no policy-based reason not too. ——  § erial  09:43, 16 July 2020 (UTC)
 * Oppose inclusion - Per WP:SPAM. Also, the inclusion of the BTC address is not encyclopedic and does not enhance the reader's comprehension of the scam. Just because there is no censorship doesn't mean there is a sufficient reason to include the uncensored address (WP:GFFENSE). Nice4What (talk · contribs) – (Thanks ♥ ) 15:41, 16 July 2020 (UTC)
 * the inclusion of the BTC address is not encyclopedic and does not enhance the reader's comprehension of the scam - it explicitly does, as explained above, because a technical reader can investigate the transaction history and currency contained within the wallet by looking the address up in the blockchain. This is not some point of no value to a reader - there is a clear argument for inclusion. It's reasonable to say "I don't think that argument is sufficient", but "it does not enhance the reader's comprehension at all" is not accurate. Naypta ☺ &#124; ✉ talk page &#124; 15:46, 16 July 2020 (UTC)
 * Actually, I just added the transaction history as an external link. Serves the "encyclopedic" purpose without explicitly listing the address. Nice4What (talk · contribs) – (Thanks ♥ ) 15:49, 16 July 2020 (UTC)
 * I'm totally fine with that solution, but I think it's a fairly strange one - if we're happy to link to (one particular provider of) transaction history for the address, why would we not just list the address itself? The address is contained within that link, so it's in the wikitext; anyone who wanted to would be able to send money to it through it in just the same way. Naypta ☺ &#124; ✉ talk page &#124; 15:50, 16 July 2020 (UTC)
 * Because the argument for including the address in text is that readers could search up the transactions. Now that there is a direct link to the transactions, there's no need to include that text. Nice4What (talk · contribs) – (Thanks ♥ ) 15:53, 16 July 2020 (UTC)
 * It feels to me like not including the address in the text of the article, but including the link to the transactions, is a reasonable compromise. Andrew Gray (talk) 17:20, 16 July 2020 (UTC)
 * Support inclusion: two reasons. First reason is WP:NOTCENSORED - there is no reason to censor this. No person is going to send their Bitcoins there. Second reason is because the address provides useful information. People can check the address on various blockchain search engines. Obscuring the address hinders that. Elliot321 (talk &#124; contribs) 20:44, 16 July 2020 (UTC)
 * WP:NOTCENSORED does not give reason to include all content possible (WP:GRATUITOUS), so I do not understand your first point alone... And for your second reason, a compromise has been reached to include the transaction history as an external link. Nice4What (talk · contribs) – (Thanks ♥ ) 20:46, 16 July 2020 (UTC)
 * Well, WP:NOTCENSORED does state that we should not censor otherwise encyclopedic material because it happens to be objectionable to some editors. I'm not a fan of the compromise solution because it seems to concede that the address does have encyclopedic benefit, yet it continues to censor it precisely because it happens to be objectionable to some editors. Mz7 (talk) 20:54, 16 July 2020 (UTC)
 * This is particularly about whether to censor a Tweet. The Tweet is going to take up the same amount of space whether the content is censored. The content not being censored is the default state. The censorship of the content is potentially harmful to the usefulness of the article. Therefore, it shouldn't be censored. A "compromise" isn't needed here - there's no reason to censor this. The article on, say, genitals, don't blur the genitals as a "compromise". Elliot321 (talk &#124; contribs) 06:59, 17 July 2020 (UTC)
 * No need to include it all, but the question of censoring it in picture still stands. Emir of Wikipedia (talk) 20:58, 16 July 2020 (UTC)
 * Support inclusion no real reason to hide it. There aren't really any realistic risks of including it. It's not like readers of an article stating the event was a scam are going to see the address and send it money. And if they are, well, that's unfortunate. WP:NOTCENSORED. We expect a certain degree of sensibility from our readers. We don't need to omit content by assuming our readers don't have the sensibility to not send money to it. Given news sources want to censor the address, I think Wikipedia has some responsibility to provide and make easily accessible the information to our readers, for the various useful cases there are of knowing what the address is (like, looking it up on blockchain.info). ProcrastinatingReader (talk) 21:27, 16 July 2020 (UTC)
 * The argument isn't just about 'censoring' the content, but having a reason to include said content. As said above, an external link to Blockchain is already included in the article, thus voiding a reason to include the BTC address. What other reason would a read need said address? Nice4What (talk · contribs) – (Thanks ♥ ) 21:34, 16 July 2020 (UTC)
 * Using different blockchain viewers, doing local analysis on a stored copy of the blockchain, etc. There's a whole host of potential reasons. Naypta ☺ &#124; ✉ talk page &#124; 21:37, 16 July 2020 (UTC)
 * What Mz7 said would be my response. We're censoring it, because...? but we're not censoring it at the same time, by linking to the address? It doesn't really make sense. It's not spam, it's unlikely to cause further scamming, and there's no personal information associated with blockchain addresses. We've already established that it's encyclopaedic, so imo the burden is more on those wishing to censor, to provide a valid reason for it. ProcrastinatingReader (talk) 21:40, 16 July 2020 (UTC)
 * The argument isn't just about 'censoring' the content, but having a reason to include said content. - this is absurd reasoning. The address being included is the default state - the burden of justification for censorship is entirely on those in favour of it. Read WP:NOTCENSORED again. You cannot turn this around into the supporting side being the ones justifying it - not to mention that we already have. Acalycine (talk) 03:33, 17 July 2020 (UTC)


 * Support inclusion Wikipedia is not censored. --RaphaelQS (talk) 15:23, 18 July 2020 (UTC)
 * Money is still being paid into the account: . Mostly very small amounts equal to around 5c, and mostly from newly created accounts. As the account is public, and the account address is given in several reliable sources, and we would not be breaking any laws in posting the address, I support inclusion. I understand the hesitation, and this discussion in itself is of value and reflects well on the community, but I'm not seeing a convincing argument for suppressing the information. SilkTork (talk) 02:19, 19 July 2020 (UTC)
 * ✅. In light of the foregoing discussion, I've gone ahead and WP:BOLDly switched the image over to an uncensored version that I have uploaded to the Commons: File:Twitter bitcoin spam apple 2020-07-15 (uncensored).png. Mz7 (talk) 05:29, 19 July 2020 (UTC)
 * Support inclusion as per above users, WP:NOTCENSORED; it's quite insane to expect readers of an article about a scam to send bitcoin to an address included in said article. BeŻet (talk) 23:02, 20 July 2020 (UTC)

Wikipedia is not censored. I agree with the comment above saying that the spam policy does not prohibit this. Benjamin (talk) 01:16, 20 July 2020 (UTC

My observation is cosmetic in nature. The header image should be edited so that it takes up less vertical space on the page. Its too prominent relative to the article's body text. The page is difficult to read in the Wikipedia app on mobile as a consequence. Kenneth (talk) 11:58, 20 July 2020 (UTC)

Can We remove the BTC address form the photo please.--JRwikifixer (talk) 10:33, 27 July 2020 (UTC)

Move - controversial
scam hack is redundant, and carries the implication that Twitter itself was hacked, which has not yet been confirmed. I oppose the page move, but I've reached 3RR, so I don't think it's a good idea for me to revert it. I don't think this move should have been unilateral - it should have gone through WP:RM as a controversial move - but anyway. Thoughts? Naypta ☺ &#124; ✉ talk page &#124; 00:07, 16 July 2020 (UTC)
 * Agree with your reasoning, and that it should have been discussed first too. I've reverted it myself and left an edit summary for it to be discussed here. Buttons0603 (talk) 00:12, 16 July 2020 (UTC)
 * I disagree but I would move it back but do not want to violate 3RR and since its on WP:ITN i would not move it anyways or discuss the move until its removed from WP:ITN but I do not want it removed from WP:ITN since its newsworthy 🌸 1.Ayana 🌸 (talk) 10:21, 16 July 2020 (UTC)
 * If you know a move is controversial, you should never move it yourself. Instead, you should follow the requested moves process. Naypta ☺ &#124; ✉ talk page &#124; 10:22, 16 July 2020 (UTC)
 * When I moved it it was not on the WP:ITN so i did not think it was controversial I would have followed that process if I knew it was controversial and I would now since it seems to be controversial also remember WP:BRD which is what i am doing 🌸 1.Ayana 🌸 (talk) 15:57, 16 July 2020 (UTC)

Inside job?
Its safe to say that this is an inside job then. The article states that Twitter employees were involved.103.100.11.3 (talk) 05:51, 16 July 2020 (UTC)
 * Between Vice and TechCrunch's sources, its not 100% clear its an inside. Vice's sources say there were employees involved, and Twitter's message suggest, but the TechCrunch side suggests it was more just a compromised account. Either way, they got access to the admin tool to change details and seize control of the accounts to post the tweets. --M asem (t) 06:02, 16 July 2020 (UTC)
 * The individual claims to have paid Twitter staff for it, as quoted in reliable sources, but what an individual claiming to be the hacker says is not really reliable enough for us to call it an inside job. I wouldn't be surprised if it turns out this Kirk bloke had nothing to do with it, this wouldn't be the first time someone on a hacking-related forum took credit for something they didn't do. It shouldn't be called an inside job until RS can confidently state that it was (that would be as a result of a Twitter investigation/announcement, or FBI announcement, arrests, investigations, etc.) For now, we should hold off. ProcrastinatingReader (talk) 21:43, 16 July 2020 (UTC)
 * It is most likely that Twitter had no say in the scams, and the employees were "rogue", there is no trusted sources that say that it was an inside job, and we need to keep a neutral POV of the wiki page, and therefore adding something claiming that this was an "inside job" would just be wrong. We will be checking to see what updates come up. HuyyBoii 05 (talk) 01:25, 17 July 2020 (UTC)
 * Well, if indeed the hack was effected by obtaining an administrative tool, presumably Twitter has safeguards preventing the use of this tool except on their intranet, and so the suspicion once again falls on either an extraordinary flaw in Twitter's opsec, or someone working from within their corporate network. Elizium23 (talk) 09:22, 21 July 2020 (UTC)

Dubious: amount of money made by scammers
The amount of money made by the bitcoin scammers (supposedly $110,000) is dubious because the amount of coins that the scammers may have recieved may have been sent by themselves to make it look like they made 110k. What do we think? P,TO 19104 (talk) (contribs) 15:09, 18 July 2020 (UTC)
 * In theory, but practically that seems like WP:OR. Emir of Wikipedia (talk) 15:11, 18 July 2020 (UTC)
 * The information is verifiable; it's certainly not verifiably false, which is the phrase used at WP:DUBIOUS. I agree with Emir above that it would be OR to make any suggestion that the scammers sent money to themselves, so long as there is no such suggestion in any RS. Naypta ☺ &#124; ✉ talk page &#124; 15:47, 18 July 2020 (UTC)
 * The article actually already acknowledges this possibility: It is unclear if these had been funds added by those led on by the scam, as bitcoin scammers are known to add funds to wallets prior to starting schemes to make the scam seem legitimate. Mz7 (talk) 18:06, 18 July 2020 (UTC)
 * I changed the wording to The bitcoin addresses involved recieved... instead of Scammers received.... Hopefully this resolves the issue. Mz7 (talk) 18:09, 18 July 2020 (UTC)

Requested move 19 July 2020

 * The following is a closed discussion of a requested move. Please do not modify it. Subsequent comments should be made in a new section on the talk page. Editors desiring to contest the closing decision should consider a move review after discussing it on the closer's talk page. No further edits should be made to this discussion. 

The result of the move request was: Consensus to not move.  Super Goose 007  ( Honk! ) 18:20, 26 July 2020 (UTC)

2020 Twitter bitcoin scam → 2020 Twitter bitcoin cyberattack – There were probably hundreds, if not thousands, of bitcoin scams on Twitter this year; this title could refer to any of them. "Bitcoin cyberattack" is specific, relating directly to the cyberattack on Twitter that promoted bitcoin. sam1370 (talk · contribs) 22:49, 19 July 2020 (UTC)


 * Oppose in the this wasn't anything close to a cyberattack. And while there are hundreds of such scams, none of them are notable to have an article - this is very clear what the specific scam was and why it was important. --M asem (t) 23:25, 19 July 2020 (UTC)
 * From Cyberattack: "An attacker is a person or process that attempts to access data, functions or other restricted areas of the system without authorization, potentially with malicious intent." Seems to fit. Also, it's in this article's lead. sam1370 (talk · contribs) 00:52, 20 July 2020 (UTC)
 * If I get Masem's password, by using a RAT, or perhaps pay him a few dollars for it, and then delete the main page would I get my own "2020 Wikipedia cyberattack" article? Probably not. Twitter's servers weren't technically compromised, the attack wasn't "intelligent", the hackers just social engineered a few employees. Most RS use scam, or 'hack'. Very few call it a cyberattack. ProcrastinatingReader (talk) 01:10, 20 July 2020 (UTC)
 * Exactly. Twitter has admitted, and most security experts agree at this point this was social engineering - manipulating people to get onto the Twitter employee slack that got them the code to get in. Compare that to things like Wannacry which is what people expect a cyberattack to be. --M asem (t) 03:13, 20 July 2020 (UTC)
 * Alright. We should probably change the wording in this article's lead then. I'm willing to find an alternative title (something other than the extremely vague one we have right now) but not really sure what would be good. sam1370 (talk · contribs) 15:12, 20 July 2020 (UTC)


 * Oppose not even close to a cyberattack. ProcrastinatingReader (talk) 01:02, 20 July 2020 (UTC)
 * Oppose Cyberattack would be simply taking money - scam works better here Naleksuh (talk) 01:10, 20 July 2020 (UTC)
 * Support. To quote the article: Security experts expressed concern that while the scam may have been relatively small in terms of financial impact, the ability for social media to be taken over through social engineering involving employees of these companies poses a major threat in the use of social media particularly in the leadup to the 2020 United States Presidential election, and could potentially cause an international incident. In terms of long-term impact, the compromise of high-profile accounts itself seems much more important than the resulting scam.BenKuykendall (talk) 01:32, 20 July 2020 (UTC)
 * Support the notion that "scam" is not the salient feature of what happened, but I get the point that a narrow view of "cyberattack" might not fit. So, a middle ground would be something like 2020 Twitter bitcoin security incident. -- Zim Zala Bim talk 02:33, 20 July 2020 (UTC)
 * Since your comment implies that you want a third title, you probably didn't mean to write "Support", which implies that you want the title "cyberattack", so I struck and indented it for you. If you actually did mean to imply you want the cyberattack title despite the text, feel free to restore :) Naleksuh (talk) 02:54, 20 July 2020 (UTC)
 * Sure, that's fine. My primary point is that I think the truly defining feature of this event was the lack of sufficient internal security at Twitter that made this kind of social engineering hack possible. I really think this should be named 2020 Twitter Bitcoin security incident or even just 2020 Twitter security incident, since there now have been reports that private DMs were downloaded. The Bitcoin scam was why they engaged in this, but isn't what's most salient, IMHO. -- Zim Zala Bim talk 18:12, 20 July 2020 (UTC)


 * Oppose does not fit the lay-definition of "cyberattack", regardless of whether it is technically accurate. Axem Titanium (talk) 03:46, 20 July 2020 (UTC)
 * Oppose – While accounts were compromised in a cyber-attack fashion, the attackers used social engineering techniques to get people to willingly give up their bitcoins. In other words, a scam. I would capitalize the title words "bitcoin" and "scam", however. Kringga (talk) 12:54, 20 July 2020 (UTC)
 * In this context, the word "bitcoin" should be capitalized, since it’s not being used in the strict sense of bitcoin as a form of currency. catsmoke (talk) 03:29, 22 July 2020 (UTC)


 * Kinda support, "cyberattack" seems to get misunderstood. I would argue for just using "attack", since I don't think there can be any doubt about that it was an attack. "Scam" is not sufficient since it involved the crackers posting on profiles they shouldn't have access to. So if we can't call it "attack", I would still prefer "cyberattack" even though I am sceptical of most words prefixed with "cyber", as it is often unclear what it actually refers to. You could argue that the attack wasn't that cyber since it seems it was phishing/social engineering. "Cyber", to my ears, makes it sound like they broke cryptography or something. --Ysangkok (talk) 18:55, 20 July 2020 (UTC)
 * I agree we should follow the lead of reliable sources in this case, and if reliable sources have not used "cyberattack", then we shouldn't move the article. However, I am a little skeptical of the claim above that social engineering attacks do not fall under the extremely broad descriptor "cyberattack". Although it is a redlink now, 2020 Twitter bitcoin cyberattack strikes me as a perfectly valid redirect. Someone who manipulates a Wikipedia administrator into giving them access to their account (e.g. via a phishing attack) would be fairly described as an attacker by security researchers, even if they did not, say, exploit a security vulnerability in code. The social engineering attacks that resulted in the current Twitter account compromises were certainly "intelligent" per RFC 2828 in the sense that they were carefully calculated and executed with malicious intent. Mz7 (talk) 21:50, 20 July 2020 (UTC)
 * The claim that there is a scarcity of the term "cyberattack" in reliable sources also appears to be inaccurate. A cursory search revealed the following: The Wall Street Journal, Bloomberg, NPR, Reuters. Mz7 (talk) 22:10, 20 July 2020 (UTC)
 * Going by Gnews, and using a base search of "Twitter bitcoin scam" I get 7M hits. To make sure we're talking recent, "Twitter bitcoin scam musk" (as in Elon) I get 695,000 hits. So starting with that "Twitter bitcoin scam musk" + "cyberattack" only gets 20,900 hits, "Twitter bitcoin scam musk" + "attack" 49,700,  while  "Twitter bitcoin scam musk" + "hack" gets me 329,000 hits. Cyberattack is not a term used by the majority of sources though it is frequently used. --M asem  (t) 22:19, 20 July 2020 (UTC)
 * I think it would be fair to say the majority of reliable sources prefer "scam" over "cyberattack" (the use of raw Google hit counts is not necessarily the best way to measure this, but in this case, I think it's pretty likely you're correct). I just wanted to push back a little on what seems to be an overly narrow interpretation of "cyberattack". The article probably shouldn't be moved, but not for the reasons above. Mz7 (talk) 22:28, 20 July 2020 (UTC)
 * I agree that in the broad definition of cyberattack, this qualifies as one, but as our naming tends to follow what the sources say, it just doesn't seem to apply here. It would be different if the media were completely mischaracterizing this ("this was a cyberworm!") then we'd seek out the more proper term. --M asem (t) 03:07, 21 July 2020 (UTC)
 * , perhaps you're correct and it fits the textbook definition. I just wouldn't see the term accurately describe someone who, for example, buys a $30 RAT and distributes it through some emails or such, with no technical skill at all. A hack, sure, but not so much a "cyberattack", at least in the popular usage of the term. I was opining to some degree there, and the ultimate policy-based reasoning of my point is Most RS use scam, or 'hack'. Very few call it a cyberattack. I guess that's now "fewer, relatively speaking, use "cyberattack". ProcrastinatingReader (talk) 10:08, 21 July 2020 (UTC)
 * Oppose: I think "scam" describes what happened here better than the term "cyberattack", as the main display of the attack was in the running of a scam. MrConorAE (user &#124; talk &#124; contribs) 01:29, 21 July 2020 (UTC)
 * Oppose: Per MrConorAE & Naleksuh — IVORK Talk 03:24, 21 July 2020 (UTC)
 * Oppose per reasons above. CruzRamiss2002 (talk) 12:54, 21 July 2020 (UTC)
 * Oppose it's a financial scam anyway. Rather than calling it a cyberattack, it better suits to be called as a bitcoin scam. Abishe (talk) 17:37, 21 July 2020 (UTC)
 * Oppose. I'm not against a move to a title with "cyberattack" or similar, but it should not be accompanied with "bitcoin", which implies an attack on bitcoin security rather than on Twitter security. -- King of ♥ ♦ ♣</b><b style="color:black"> ♠</b> 00:45, 22 July 2020 (UTC)
 * Oppose there were presumeably other cyberattacks on twitter in 2020, or probably will be, so the unqiueness arguement does not hold water. This new name implies that bitcoin was used in hacking into twitter, not used as part of a scam after gaining acess.  — Preceding unsigned comment added by Multilocus (talk • contribs) 04:13, 22 July 2020 (UTC)
 * Oppose per above - doesn't fit the lay definition of a "cyberattack". The main vulnerability exploited in this incident was Twitter employees, not any technical detail in either Twitter or Bitcoin. Deryck C. 12:05, 22 July 2020 (UTC)
 * Oppose per MrConorAE & Abishe. 0qd (talk) 14:14, 22 July 2020 (UTC)
 * Comment The title can be more descriptive than "cyberattack", how about 2020 Twitter account hijack incident or something like that? If anything I'm just really opposed to having "bitcoin scam" in the title, to be quite honest. What's important is that Twitter got breached and had a major security incident where they were forced to take some drastic action. The actual content of the messages posted are just total run of the mill and does not deserve space in the title. EditorInTheRye (talk) 22:22, 22 July 2020 (UTC)
 * I think the phrasing above best summarises it. The actual thing that happened was a hijacking of high profile accounts; the fact that Bitcoin was involved is secondary to the incident. Were there a way to anonymously move non-Bitcoin currency around the internet, the hijackers might well have gone with something else. SkylarMacDonald (talk) 00:40, 23 July 2020 (UTC)
 * Your title seems much better, although I think “incident” is redundant. sam1370 (talk · contribs) 03:18, 24 July 2020 (UTC)
 * I agree with sam1370 here. Possibly “hijacking” instead of “hijack incident”? Skylar MacDonald (talk) 04:32, 24 July 2020 (UTC)
 * I don't feel strongly about including the word either way, but adding "incident" was just to emphasise that the article refers to a specific event, rather than talking about account hijacks that happened in 2020 in general. EditorInTheRye (talk) 06:27, 24 July 2020 (UTC)
 * I think User:SkylarMacDonald's suggestion ("hijacking") solves that issue. sam1370 (talk · contribs) 23:04, 24 July 2020 (UTC)
 * Comment - Even though the Bitcoin scam was secondary to the high-profile twitter accounts being compromised, there is sufficient information in the article regarding the Bitcoin scam. The information in the article seems to be sufficient for both [Twitter accounts compromise] and [Twitter Bitcoin scam] so we should not stick to either one of the titles as it would require two separate articles. I think [July 2020 Twitter Bitcoin scam] would be appropriate as it specifies the month, the platform, the type of scam and the fact that it was a scam. — Preceding unsigned comment added by 41.115.20.123 (talk) 00:38, 24 July 2020 (UTC)
 * Oppose - per Abishe's comment. Miasma Eternal TALK 03:44, 23 July 2020 (UTC)
 * Oppose MOS:AT states that "A title should be a recognizable name or description of the topic that is natural, sufficiently precise, concise, and consistent with those of related articles", I'm not convinced that "cyberattack" (instead of "bitcoin scam") is sufficiently precise. As this incident is, at least in the media is more known for being a bitcoin or at least a crypto-related scam rather than another plain old generic cyber attack like 2016 Dyn cyberattack (a DDoS attack). Specifying this incident as a bitcoin scam is more precise and recognizable than "cyberattack". If conciseness is less of concern perhaps "bitcoin scam cyberattack"(?), but MOS:AT does say that article titles should be concise (as quoted). <span style="border:2px solid #090E0E;font-family:Gill Sans Nova,DejaVu Serif,Sans-serif;background:#000000;"> Davidbuddy9 💬 13:28, 23 July 2020 (UTC)
 * As I said, there were probably hundreds of bitcoin scams that were disseminated via Twitter this year, so this title is not precise at all. After reading the arguments provided by other people I disagree with this move, but I think it should definitely be something other than what we have now. sam1370 (talk · contribs) 17:50, 23 July 2020 (UTC)
 * I was more or less trying to say that (at least in my opinion) changing the title to bitcoin cyberattack or just cyberattack would reduce the precision of the title (or at least make it more generic in the former case). I didn't mean to say that the current title is precise enough to meet MOS:AT or that it was perfect, that's why I suggested "bitcoin scam cyberattack", but I'm not convinced about that name either (hence the question mark). I agree, if we're able to come up with a more precise title that is sufficiently concise and complies with MOS:AT we should discuss moving this page to that title. <span style="border:2px solid #090E0E;font-family:Gill Sans Nova,DejaVu Serif,Sans-serif;background:#000000;"> Davidbuddy9 💬 20:06, 23 July 2020 (UTC)


 * The discussion above is closed. <b style="color: #FF0000;">Please do not modify it.</b> Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.

"Cyberattack" in lead
I think the word "cyberattack" should be replaced with a "social engineering" attack. I think the latter is more specific, while the former may confuse the reader. BeŻet (talk) 12:33, 20 July 2020 (UTC)
 * , doesn't cyberattack mean an attack on a computer system via a vulnerability already (social engineering being one of these)? <span style="font-family:'Roboto',sans-serif;font-weight:300;text-shadow: 2px 2px 10px black;color:black;">Ed 6767   talk!  14:12, 20 July 2020 (UTC)
 * Like I said, "social engineering" is more specific, why not use a more adequate term rather than a vaguer one? BeŻet (talk) 14:48, 20 July 2020 (UTC)
 * I agree with BeZet and I can see that the lead has already been changed to say social engineering rather than cyberattack. Deryck C. 12:06, 22 July 2020 (UTC)

A Commons file used on this page or its Wikidata item has been nominated for deletion
The following Wikimedia Commons file used on this page or its Wikidata item has been nominated for deletion: Participate in the deletion discussion at the. —Community Tech bot (talk) 13:41, 20 July 2020 (UTC)
 * Twitter Administrative Panel July 2020.png

Coinbase says it prevented 1,100 of its customers from sending money to the hackers.
To add to the introductory section:

Coinbase says that, in the wake of Twitter's hack, it prevented over 1,100 of its customers from sending 30.4 BTC, equivalent to $280,000 total, to the hackers.

7 more articles here (click the right arrow if you're on mobile): https://www.techmeme.com/200720/p14#a200720p14

74.101.202.221 (talk) 21:24, 20 July 2020 (UTC)
 * We need better RSes. Most cryptocurrent sources are not reliable to start. --M asem (t) 21:33, 20 July 2020 (UTC)
 * Not really appropriate for the lead either. Emir of Wikipedia (talk) 21:53, 20 July 2020 (UTC)
 * These two look decent The Verge and Digital Trends. --Emir of Wikipedia (talk) 21:54, 20 July 2020 (UTC)
 * Verge one added (but yet, not in lede). --M asem (t) 22:27, 20 July 2020 (UTC)

"The Great Twitter hack" listed at Redirects for discussion
A discussion is taking place to address the redirect The Great Twitter hack. The discussion will occur at Redirects for discussion/Log/2020 July 21 until a consensus is reached, and readers of this page are welcome to contribute to the discussion. Nathan2055talk - contribs 02:35, 21 July 2020 (UTC)

Premptive caution
With the DOJ's announcement, while we know two of the names (and they are ones >18), they have only been charged, and at this point they clearly are non-notable persons - eg they are only BLPCRIME. for that reason, despite that we can name them, we should not for purposes of BLP until they are actually convicted.

The third is a minor (17yr) and while it looks like they will charge him as an adult, all the same cautions apply if not in more caution being a minor. I don't think I see his name yet said, both DOJ and a local press report avoid it, and even if he is convicted, we may need to leave it out. --M asem (t) 19:48, 31 July 2020 (UTC)
 * , The names are all over the news, and this is big news. Natureium (talk) 20:29, 31 July 2020 (UTC)
 * Just being in the news doesn't mean we have to report them, under BLP. We're supposed to use caution and we general do in these cases until the conviction is passed down. --M asem (t) 20:42, 31 July 2020 (UTC)
 * Going to have to agree here, especially on person number 3 who is a minor. Chess (talk) (please use&#32; on reply) 23:33, 31 July 2020 (UTC)
 * In this extreme case, I think that the policy allows for the naming of the individual. Especially given the public statement from the state attorney, the scale and implications of the event, and the notoriety of the victims including a former President of the United States. One-point-twenty-one-jigawatts (talk) 00:35, 1 August 2020 (UTC)
 * You removed a passage that I added and now the article is less precise in a significant way. It now reads that "they will see to try him" which is not accurate.  They are charging him as an adult.  Recommend you return the citation to the state attorney's office and update the verbiage to be accurate.  I am not sure if your rationale here is rooted in the fact that the individual is named in the public statement from the state or not.  Please justify. Thanks. One-point-twenty-one-jigawatts (talk) 13:52, 1 August 2020 (UTC)
 * The state will submit charges on this underaged individual as an adult, but it is up to the judge overseeing the case if they(the judge) will allow that - they probably will. It's just not an automatic thing that happens. But I did meant "seek" not "see" which I fixed. --M asem (t) 14:05, 1 August 2020 (UTC)
 * I believe you are incorrect. See public case number 20-CF-008794-A where the accused is publicly charged with a felony as an adult (case search: https://hover.hillsclerk.com/html/case/caseSearch.html).  Also, please be careful to distinguish between charges and prosecution.  One-point-twenty-one-jigawatts (talk) 16:27, 1 August 2020 (UTC)
 * Okay, I do see Florida has a no-appeals process here for when the state chooses to charge a 17-yr old as an adult. Some states do make that something a judge can rule on and overrule. I will change. --M asem  (t) 17:08, 1 August 2020 (UTC)


 * I'm going to leave this here NYTimes in-depth bio on the Florida minor, as if convicted, then all bets are off about hiding the name/etc and this becomes a useful article, but right now, that's a BLP we can't use. --M asem (t) 14:35, 3 August 2020 (UTC)


 * Fx just had a special where they repeatedly named the Florida minor. It was a horribly confusing show. Guess I only point this out because I think not naming these individuals is pointless as it's out there, they were indicted, and if found guilty or innocent it will be reported on the page. So regardless of blpcrime I think they should be named because of the scope of the crime. SailedtheSeas (talk) 16:52, 21 November 2020 (UTC)

A Commons file used on this page or its Wikidata item has been nominated for deletion
The following Wikimedia Commons file used on this page or its Wikidata item has been nominated for deletion: Participate in the deletion discussion at the. —Community Tech bot (talk) 11:06, 18 March 2021 (UTC)
 * Twitter Administrative Panel July 2020.png

Requested move 25 March 2021
<div class="boilerplate" style="background-color: #efe; margin: 0; padding: 0 10px 0 10px; border: 1px dotted #aaa;">
 * The following is a closed discussion of a requested move. Please do not modify it. Subsequent comments should be made in a new section on the talk page. Editors desiring to contest the closing decision should consider a move review after discussing it on the closer's talk page. No further edits should be made to this discussion. 

The result of the move request was: moved (closed by non-admin page mover) DannyS712 (talk) 01:25, 2 April 2021 (UTC)

2020 Twitter bitcoin scam → 2020 Twitter account hijacking – There was a discussion in July 2020 about renaming the article to to "2020 Twitter bitcoin cyberattack", but the proposal failed, arguably due to the proposed name not being well thought out. However, some good points were made as part of the discussion, albeit not acted upon as the proposal was closed. So I'd like to propose a new name based on what was raised, now that the article is long settled down.

The main argument for removing "bitcoin scam" is the fact that a scam was perpetrated is not what made this event notable - it's the highly visible security breach at Twitter that made this worthy of an article, which should be reflected in the title. The Elon Musk bitcoin scams had been going on for a long time by the time this incident occurred, and they continue to do so - they are not special. EditorInTheRye (talk) 23:16, 25 March 2021 (UTC)
 * Courtesy ping of all participants in previous discussion, , , , , , , , , , , , , , , , , , , , , , EditorInTheRye (talk) 23:20, 25 March 2021 (UTC)


 * Support: it makes sense - the issue wasn't that it was a scam, the issue was about the account security. — MrConorAE (👤U &#124; 💬T &#124; 📝C) 23:28, 25 March 2021 (UTC)
 * Support: Agreed with above — <b style="font-family:Ariel; color:red">IVORK</b> <b style="font-family:Ariel; color:Green; font-size:x-small">Talk</b> 23:45, 25 March 2021 (UTC)
 * Support: per above. The fact that some Bitcoin scam was promoted on Twitter isn't notable by itself; the fact that said Bitcoin scam was promoted by breaching into several high-profile accounts is. Goose ( Talk! ) 23:48, 25 March 2021 (UTC)
 * Comment What do reliable sources call it? While I would agree that "hijack" is a good descriptive term, is this used in RSes? "twitter hijack" only give sources from 2020, while "twitter hack" give recent stories about the latest plea bargains. Let's be careful not to jump to a term not used in the media per WP:COMMONNAME. --M asem (t) 00:24, 26 March 2021 (UTC)
 * I suspect they will be using "hack" or "attack" or some variation involving the words. While these two are common, they're not very precise. An account hijacking is just a type of attack, so we'd be more precise by using the narrower term. A hack is... well, a controversial term for some: hacker culture would describe a hacker as somebody who learns about systems and uses them in unconventional ways - i.e. a good thing. This is not how newspapers use the word - what they call hackers I (and others in the infosec industry) would rather just call criminals, to be quite honest. EditorInTheRye (talk) 08:02, 26 March 2021 (UTC)
 * I know that there was very little hacking (in the proper computer sense) involved here and thus if the common name in the media is "hack" its not good for us to repeat that as the title. But we also have to be careful about creating a title that doesn't have support in the reliable sources either even if we think its more appropriate. The lack of "hijack" in current sources is an issue with using that word. I agree we probably want to move off "scam" as well, but as to what final term, I'm not sure. --M asem  (t) 12:53, 26 March 2021 (UTC)
 * If we can use moving away from "scam" as a starting off point, these are my thoughts about the words that could likely be used in a title if we needed to tweak it further:
 * 1. hack - This term isn't descriptive enough and is mostly favoured by media. An infosec professional wouldn't use this if they had to describe an incident in a few words to somebody with zero knowledge of the incident. We don't write about medical topics in the way newspapers do, we write using proper medical terminology. So this should be no different even if it clashes with WP:COMMONNAME
 * 2. account hijack - an accurate description, although possibly not widely used as has been pointed out. Note that this can't be used simply as hijack as suggested down-thread. There are many other types of attacks that use this terminology.
 * 3. account takeover - possibly a less dramatic version of #2? Again, best used with account and not on its own to avoid the risk of the title suggesting twitter (and not its accounts) was taken over.
 * 4. account compromise - as with #3, but sounds more like actual infosec language, possibly?
 * 5. account hack - ok, if we ignore that this actually uses hack and that it can be a loaded term, since account is also being used it's still clear what the hack was about.
 * 6. incident - optional extra, as in 2020 Twitter account compromise incident. This would serve to make it clear that the article isn't just about all random account compromises that happened in 2020 (god knows there were a lot of them outside of this particular incident!)
 * EditorInTheRye (talk) 13:16, 26 March 2021 (UTC)
 * account compromise or account breach would make sense and is supported by recent sources. We've used "breach" for other infosec issues Yahoo! data breaches for example, and while this was less a forced breach and one that relied on social engineering, this still can be described as such. --M asem (t) 14:07, 26 March 2021 (UTC)


 * Support per above, but the title needs to simplify to just "2020 Twitter hijacking". 36.77.93.241 (talk) 09:31, 26 March 2021 (UTC)
 * Twitter wasn't hijacked, accounts were. That's far too short. --M asem (t) 12:48, 26 March 2021 (UTC)
 * Support sure this feels better than the current. Axem Titanium (talk) 17:05, 26 March 2021 (UTC)
 * Oppose on clarity and common name grounds. Account hijackings happen all the time.  The notable part of this incident was specifically the bitcoin scam - what was done with the hijacked accounts, not merely that they were hijacked.  See https://www.cnbc.com/2020/07/31/twitter-bitcoin-scam-masterminded-by-17-year-old.html for example, a news article with headline of "17-year-old accused of masterminding Twitter bitcoin scam".  Basically I disagree with SuperGoose007 above - the relevant part was the scam, not the hijackings.   SnowFire (talk) 19:12, 26 March 2021 (UTC)
 * Arguably no, the bitcoin scam caught a few, but it was the fact high level profile accounts were taken over - despite that Twitter had various levels of protection to prevent that was the bigger story. The longer-term interest in this story is less about the scam and more the social engineering used by those to get Twitter employees to turn over account details. --M asem (t) 20:01, 26 March 2021 (UTC)
 * No, not all hijacked accounts were used in the "doubling" scam. At first, attackers attempted to sell access to accounts via an internet forum. Only after they were banned there, did they look for another way to make money. 4E616D65 (talk) 09:38, 27 March 2021 (UTC)
 * Support There are thousands of Twitter scams involving cryptocurrency. The notability of this one comes from the fact that the upper-level accounts were hijacked. sam1370 (talk · contribs) 03:43, 27 March 2021 (UTC)
 * Support. The new article name better describes on the breach as a whole rather than the visible mass-media reaction to it. Not all breached accounts were used for the scam. 4E616D65 (talk) 09:43, 27 March 2021 (UTC)
 * Support for the reasons listed above. My previous comments regarded moving away from "scam" toward "hijacking" (etc.) and I still think that's the right thing for this article. Skylar MacDonald (talk) 23:23, 27 March 2021 (UTC)
 * Support for reasons mentioned in the nom and above. I would note that the "news-worthy" part of the story was the hijacking of the high profile accounts, and not that it was necessarily used for a bitcoin scam. Dreamy <i style="color:#d00">Jazz</i> talk to me &#124; my contributions 00:12, 28 March 2021 (UTC)