Illustration: Aïda Amer/Axios

Twitter's major security incident Wednesday — in which hackers took over the accounts of Joe Biden, Barack Obama, Elon Musk, Bill Gates and other notable figures to push a cryptocurrency scam — stunned the worlds of politics and tech.

Why it matters: As bad as Wednesday's rampage was — and it was bad — the real fallout came as business leaders, politicians and everyday users realized that their chosen network for real-time information is even more vulnerable to being hijacked than they thought.

Driving the news:

  • The accounts of high-profile individuals and corporations were compromised within a short period of time Wednesday afternoon, allowing the posting of a message luring people to deposit bitcoin in a specific account.
  • Late Wednesday, Twitter posted: "We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools."
  • Aiming to contain the problem, Twitter for a time prevented all verified accounts (those of journalists, politicians, celebrities, and other public actors) from posting new messages.

What they're saying: Twitter said its investigation is still ongoing.

  • "We know [the attackers] used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf," the company said in a tweet. "We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it."

The big picture: Experts pointed out that the plot to steal bitcoin was small potatoes compared with the much worse things a malefactor could do with access to Twitter's highest profile accounts.

  • President Trump essentially governs via the social network, dictating new policies and threatening other world leaders. In the wrong hands, that account could start a war. (Trump's account did not appear to be compromised in this incident.)
  • Many have long warned of this danger. I wrote in 2016 that President Trump should ditch his cell phone (and Twitter) for the sake of national security.

Between the lines: Some of the deeper problems revealed Wednesday relate to Twitter's structure.

  • The blue check mark next to a name is supposed to indicate that you can trust the identity of the account.
  • But those are exactly the accounts that were compromised.

Twitter's response blocking all verified accounts from posting, an understandable tactic to limit the spread of the scam, created its own problems.

  • Deprived of their main accounts, many prominent Tweeters turned to old secondary accounts, friends' accounts or all-new accounts to keep posting. Some news outlets, like NBC News, posted to temporary accounts, while others sent out news from less prominent accounts.
  • This workaround allowed them to keep the messages flowing. But it created new long-term problems for Twitter's information climate, since the same method could be used by impersonators to spread misinformation or scams of their own.

What's next: With Twitter's prominence in politics, lawmakers are also promising inquiries.

  • Before the situation had even been resolved, Sen. Josh Hawley (R-Mo.) sent a note to the company demanding answers.
  • And, as former FTC technologist Ashkan Soltani points out, Twitter settled with that agency in 2010 over previous lapses that allowed administrative access to accounts.

Go deeper

America’s meme machine is fueling the populist movement globally

Data: GroupSense; Chart: Andrew Witherspoon/Axios

The QAnon conspiracy is picking up steam abroad, particularly in Europe, where populist movements are on the rise.

Why it matters: "The U.S. has started exporting these domestic-in-origin conspiracy movements to the outside world, "says Zarine Kharazian, Assistant Editor at the Atlantic Council's Digital Forensic Research Lab.

Elliott Abrams to replace Brian Hook as Trump's Iran envoy

Brian Hook. Photo: Tayfun Coskun/Anadolu Agency via Getty Image

President Trump's Iran envoy, Brian Hook, is stepping down and will be replaced by Elliott Abrams, a noted Iran hawk who currently serves as Trump's envoy for Venezuela, Secretary of State Mike Pompeo confirmed Thursday. Abrams will continue to serve in his role as Venezuela envoy.

Why it matters: Hook had been tasked with executing Trump's "maximum pressure" policy toward Iran, working closely with Pompeo. That strategy has deepened tensions and thus far failed to force Iran back to the negotiating table, as Trump had hoped.

Ohio Gov. Mike DeWine tests positive for coronavirus ahead of Trump visit

Photo: Justin Merriman/Getty Images

Ohio Gov. Mike DeWine (R) has tested positive for COVID-19 and plans to quarantine at his home for the next 14 days, his office announced Thursday. He currently has no symptoms.

Why it matters: The 73-year-old DeWine was set to meet President Trump Thursday on the tarmac at an airport in Cleveland and was tested as part of standard protocol. He is the second governor known to have contracted the coronavirus, after Oklahoma Gov. Kevin Stitt (R).