Cybersecurity experts are speculating about the cause of a spate of high-profile Twitter hijackings that rocked the social media giant on Wednesday.
The accounts of many of Twitter’s most prominent users including former Vice President Joe Biden, Tesla CEO Elon Musk, and Microsoft co-founder Bill Gates posted fraudulent tweets intended to lure people into Bitcoin-related scams.
Early theories about what went wrong suggested the work of SIM swapping, a hacking technique that involves taking over phone numbers linked to online accounts. Last year, a hacker group employed the method to commandeer Twitter CEO Jack Dorsey’s personal Twitter account.
While the technical details of the latest breach remain unclear, the growing consensus is that Twitter—the company, rather than individual users impacted—succumbed to a major hack. The leading theory is that hackers gained access to an internal tool—an administrative “panel” used by Twitter employees to manage people’s accounts—to conduct the breach.
Screenshots of the purported panel circulated online in the aftermath of the hacking, as Vice Motherboard reported. Twitter has deleted the images, saying they violate the company’s rules about sharing “private, personal information” in tweets.
A source with intimate knowledge of the company’s internal workings told Fortune this theory was the likeliest explanation for the widespread account hijackings. The individual requested anonymity because of a lack of authorization to speak to press.
“Think of this like a web form,” the source said, describing Twitter’s technical infrastructure. Such tools enable the company’s engineers to handle key operations—everything from account suspensions to advertising campaigns.
But these tools can also allow an attacker—such as a rogue, hacked, or otherwise compromised insider—to “come in sideways” and send a tweet from any account, the source said.
Twitter did not respond to Fortune’s questions about the hack, and instead pointed to its public comments. In those comments, the company described the event as “a security incident” and said it had temporarily disabled tweets and password resets by “verified” accounts while attempting to regain control, an unprecedented measure.
It’s unclear who’s behind the hacking. The perpetrators may have at least been partly motivated by money, given their public posts requesting that Twitter users send them cryptocurrency.