Beautiful Virgin Islands

Wednesday, Jul 08, 2026

US teen ‘mastermind’ behind Twitter hack just finished high school

Graham Ivan Clark faces 30 felony charges for hacking 130 Twitter accounts of business titans and celebrities as part of a cryptocurrency scam.
The alleged mastermind behind the July 15 hack of Twitter accounts of business titans, celebrities and a former president didn’t need sophisticated hacking tools to pierce the company’s security system. Rather, he convinced an information technology employee at Twitter that he was a colleague who needed login credentials to access the company’s customer support platform, according to law enforcement officials.

It worked, in spectacular fashion.

Graham Ivan Clark, 17, allegedly hijacked 130 Twitter accounts as part of a cryptocurrency scam, according to a criminal affidavit filed in Tampa, Florida. The accounts that were hacked included those of former US president Barack Obama, Amazon Chief Executive Officer Jeff Bezos and Tesla CEO Elon Musk.

Clark, who authorities said had just graduated from high school, now faces 30 felony charges for hacking those accounts, posting messages on their behalf and luring additional victims into sending him bitcoin donations worth more than US$100,000, according to law enforcement.

Two others were charged by federal authorities for allegedly aiding in the scheme by serving as brokers on the sale of compromised Twitter accounts: Mason Sheppard, 19, of the UK, and Nima Fazeli, 22, of Orlando.

Lawyers or family members for the defendants couldn’t be located for comment. Clark’s mother, Emiliya Clark, told NBC News that her son was innocent. “I believe he didn’t do it. I’ve spoken to him every day,” she said. “I’m devastated.”

Twitter thanked law enforcement for swiftly making arrests. In its most recent update on the hack, on July 30, the company acknowledged that employees were duped into sharing sensitive information over the phone and that it has decided to temporarily limit access to its internal tools as it seeks to understand the scope of the breach, while improving its security protocols to “make them even more sophisticated.”

Of the 130 accounts that were targeted, 45 had tweets sent from them, according to Twitter. Direct message inboxes were accessed in 36 of the accounts, and Twitter data was downloaded from seven of them, the company said.

Having suffered other embarrassing breaches in recent years, Twitter, the preferred social media platform for President Donald Trump, among other political and business leaders, must now reckon with the possibility that a teenager beat teams of engineers and layers of cybersecurity protections.

Former Twitter security employees have said too many people have access to user accounts, including employees and outside contractors, and that the company management has often dragged its heels on upgrades to information security. Twitter disputed the former employees’ characterisation of the company’s oversight of accounts.

The defendants were allegedly part of an underground subculture of hackers – known as “OGUsers” – who are dedicated to stealing, buying and selling online accounts with desirable usernames. In the OGUser world, a short username on Instagram or Twitter sells for tens of thousands of dollars in cryptocurrency. Winning ownership of usernames, like “@6” or “@dark,” yield their own form of virtual bragging rights.

The hackers in this community are particularly skilled in social engineering, which relies on the art of impersonation and deception rather than traditional hacking, according to cybersecurity experts. Those tools have been successfully leveraged against individuals to steal their social media usernames or credit card details, but not typically in such a brazen fashion.

In one instance, according to the federal complaint, a user named Kirk#5270 said in an online forum, “I work for Twitter. I can claim any @ for you.” Another user, Rolex#0373, who authorities said is an alias used by Fazeli, responded, “Prove it.” During their exchange, Kirk#5270 provided Rolex#0373 with access to the Twitter handle @Foreign for US$500, according to authorities. Kirk#5270 isn’t identified in the complaint, though federal authorities said he played a central role in the Twitter hack.

“Chaewon,” an alleged alias of Sheppard’s, posted an OGUser thread entitled, “Pulling email for any Twitter/Taking Requests.” In it, Chaewon “advertised that he could change email addresses tied to any Twitter account for US$250 and provide direct access to accounts for between US$2,500 and US$3,000,” according to a federal government filing.

Clark has allegedly been active in hacking since before he was a teenager, according to Logan Derouanna, 19, who lives in Florida and said he is no longer part of the OGUser scene.

Derouanna said Clark stole his Instagram account in 2014. “I had my Instagram account hacked when I was 13, and he was literally only 11,” Derouanna said, adding that his account had more than 500,000 followers at the time. “All I did was click a link he sent me.”

Two other hackers independently confirmed Clark has been active since at least 2014.

State authorities have charged Clark as an adult under Florida law, rather than federal, because “Florida law allows us greater flexibility to charge a minor as an adult in a financial fraud case,” said Hillsborough District Attorney Andrew Warren.

“He gained access to Twitter accounts and to the internal controls of Twitter through compromising a Twitter employee.”

US Attorney David Anderson, of the Northern District of California, said there is a “a false belief” among hackers that they can pull off attacks like the Twitter hack “anonymously and without consequence.”

The charging announcement “demonstrates that the elation of nefarious hacking into a secure environment for fun or profit will be short-lived,” he said.
Newsletter

Related Articles

Beautiful Virgin Islands
0:00
0:00
Close
Anthropic Reengineers Agentic Architecture to Shift Autonomous Workplace Automation to the Cloud
Logic Flaw in Windows 11 Permission Architecture Silently Consumes Hundreds of Gigabytes of Local Storage
Apple Advances Late-Stage Operating Systems with Fourth Beta Deployments
Global Crisis Alert: Escalating Middle East Tensions and UK Political Upheaval
Deep Purple Has Released Its Best Album in Decades
Microsoft Lays Off 4,800 Employees and Xbox Suffers the Hardest Blow
Morocco and France Advance as 2026 FIFA World Cup Enters Quarterfinals.
Historic 2026 Tour de France Opens in Barcelona With Revamped Team Time Trial.
Global Mergers and Acquisitions Approach $4 Trillion Defying Geopolitical Tumult.
Negotiators Advance 20-Point Framework for Gaza Ceasefire and Demilitarization.
OECD Warns Middle East Conflict Will Depress Global Economic Growth.
Ukrainian Drones Strike Major Oil Terminal in St. Petersburg.
World Meteorological Organization Issues Urgent Alert Over Rapidly Intensifying El Niño.
United States Commemorates 250th Anniversary With Diplomatic Summits and Global Flotilla.
Iran Begins Days-Long Funeral for Supreme Leader Khamenei Amid Strait of Hormuz Standoff.
Technology giant reports surging carbon emissions driven by artificial intelligence infrastructure demands.
Artificial intelligence adoption accelerates workforce reductions across the technology and financial sectors.
Global technology and financial conglomerates collaborate to launch a new stablecoin standard.
United States regulators lift export restrictions on a major frontier artificial intelligence model.
Luxury bags take over the World Cup: style, status symbol, or just showing off?
×