‘PlugWalkJoe’ arrested for notorious celebrity Twitter hack of 2020

A 22-year old British national, known online as “PlugWalkJoe”, has been arrested in Spain’s Costa del Sol for allegedly being one of four young hackers who grabbed control of dozens of celebrity Twitter accounts last year and used them to solicit more than $115,000 in bitcoin.

The alleged perpetrators compromised 130 accounts in July last year, according to the latest criminal complaint filed in the Northern District of California, including those of Joe Biden, Barack Obama, Bill Gates, Kanye West and Elon Musk.

The hackers then tweeted out fake messages from the accounts asking their millions of followers to send bitcoin to an account, and promising to double their money if they did so. 

The US Department of Justice said on Wednesday that Joseph O’Connor had been arrested in Estepona by the Spanish National Police on multiple charges related to last year’s high-profile hack.

O’Connor, accused in the DoJ’s criminal complaint of being a prolific hacker named “PlugWalkJoe”, has previously denied responsibility for the hack, telling The New York Times: “I don’t care. They can come arrest me. I would laugh at them. I haven’t done anything.”

He explained to the newspaper that he had corresponded with the other alleged perpetrators but had been getting a massage near his house in Spain when the hack took place.

O’Connor is the fourth person to be charged in connection with the hack. Just two weeks after the July 2020 attack, US authorities named Mason Sheppard, then 19, of Bognor Regis in the UK, and Nima Fazeli, then 22, of Orlando, Florida, and the then 17-year-old Graham Ivan Clark of Tampa, Florida, as defendants in the FBI’s investigation. 

According to the criminal complaint, which has been filed in the Northern District of California, the attacks were conducted by a group of hackers in the business of buying and selling coveted social media screen names, known as “OGUsers”.

O’Connor was identified by FBI agents through a combination of messages he sent via the gamer chat platform Discord, as well as unnamed informants, including one who identified a recording of his voice, the filing said.

US authorities had been receiving tips about his illicit online activity since 2018, according to the filing, which also accused him of hacking the account of “one of the most viewed and followed accounts” on rival social media platform TikTok, compromising a Snapchat user’s nude photographs in order to extort them, and cyberstalking a juvenile victim.

Twitter declined to comment on news of the arrest. 

The Twitter fraud raised more than $115,000 in cryptocurrency, while the hackers also accessed the private message inbox of 36 of the victim accounts and downloaded the personal data of seven, Twitter said at the time. 

The incident caused Twitter to block some verified accounts from publishing tweets for several hours on the day, and prompted widespread criticism of the social media group for lax security practices. 

State prosecutors in Tampa, Florida, last year dubbed Clark the “mastermind” behind the attack, accusing him of using social engineering to trick a Twitter employee into providing credentials to access the company’s customer service portal, under the pretence that he was a co-worker in the information technology department. Access to these “internal controls” then allowed Clark to wield access to the Twitter accounts, state prosecutors said.