Breaking911 Twitter Account Hacked to Spread Fake Musk Shooting
TL;DR
The @Breaking911 X account, followed by over 1.2 million people, was hijacked and used to post a fabricated report of Elon Musk being shot — a sensational lure designed to drive followers to cryptocurrency scam links. The incident is part of an accelerating wave of high-profile account takeovers on X that exploit trusted brands and breaking-news urgency to defraud millions, fueled by a thriving underground market for compromised verified accounts and a platform struggling with reduced security staffing.
The @Breaking911 account on X — a popular aggregator with over 1.2 million followers that bills itself as "America's #1 Alternative News Source" — was compromised and used to broadcast a fabricated report claiming Elon Musk had been shot. The fake post, designed to generate panic clicks, directed users to external links tied to a cryptocurrency scam .
The incident is the latest in a surge of high-profile account hijackings on Elon Musk's own platform, where trusted brands and news outlets are being systematically targeted by cybercriminals who weaponize their audiences for financial fraud.
The Anatomy of the Attack
The playbook is now disturbingly familiar. Hackers gain control of a verified, high-follower account and immediately post sensational content — in this case, a fabricated report of violence against one of the world's most recognizable figures. The goal is not to spread misinformation for its own sake, but to exploit the spike in attention and emotional urgency to funnel victims toward malicious links .
Breaking911, founded in 2011 by T. Grant Bernson, operates primarily as a Twitter-native news aggregator that repackages breaking headlines with minimal original reporting . Media Bias/Fact Check has rated it a "Questionable Source" based on clickbait headlines and a lack of transparency . But its 1.2 million followers — many of whom have notifications enabled for breaking news alerts — make it an extraordinarily valuable target for hackers seeking maximum reach in minimum time.
The fake Musk shooting post likely followed the same template seen in dozens of recent account takeovers: a sensational headline paired with a link that redirects to a cryptocurrency "giveaway" or investment page, where victims are tricked into sending digital assets to wallets controlled by the attackers .
A Pattern of Escalating Attacks
The Breaking911 hack is not an isolated event. It fits squarely within a campaign that security researchers at SentinelOne have been tracking since mid-2024, in which hackers systematically target high-profile X accounts through phishing operations .
The attackers send emails impersonating X's security team — claiming a suspicious login or copyright violation — and direct targets to credential-harvesting pages hosted on domains like x-recoverysupport.com and securelogins-x.com. Once credentials are captured, the legitimate owner is locked out and the account is repurposed for fraud .
Recent victims of this or similar campaigns include:
- Greg Gutfeld (Fox News host, 3.1 million followers) — hacked on February 7, 2026, with scammers posting cryptocurrency promotions and sending phishing DMs to his entire follower base
- The Tor Project — breached on January 30, 2025
- Linus Tech Tips — compromised in mid-2024, with approximately 1.8 million followers exposed
- Yahoo News UK, Neymar Jr., Lenovo India, and Oliver Stone — all hijacked in a September 2024 operation promoting a Solana-based token called $HACKED
- The U.S. Securities and Exchange Commission — its official X account was breached in January 2024, with hackers posting a fake Bitcoin ETF approval that briefly moved global markets
SentinelOne traced the phishing infrastructure to IP addresses hosted by a Belize-based VPS provider, with domains registered through a Turkish hosting company. Source code comments in the phishing pages were written in Turkish, though researchers cautioned against definitive attribution .
The Underground Economy Behind Account Takeovers
The attacks are sustained by a thriving black market. A CloudSEK investigation found that compromised X Gold and Grey verified accounts are sold on dark web marketplaces for between $1,200 and $2,500 — a price that reflects the enormous profit potential of reaching millions of followers with a single scam post .
The economics are stark. According to Chainalysis, cryptocurrency scams generated an estimated $17 billion in stolen funds in 2025, up from $12 billion in 2024. Impersonation scams — the category that account takeovers fall into — grew by a staggering 1,400% year-over-year, with the average fraudulent payment jumping from $782 to $2,764 .
The sophistication is increasing as well. AI-enabled scams now generate 4.5 times more revenue than traditional approaches, with deepfake videos of public figures like Elon Musk deployed across hijacked YouTube channels and social media accounts to lend credibility to fraudulent schemes .
Why X Is Particularly Vulnerable
The platform's security posture has been a subject of intense scrutiny since Musk's 2022 acquisition. Significant reductions in X's trust and safety teams — including an estimated 80% cut to content moderation staff — have left the platform with fewer resources to detect and respond to account compromises .
In March 2025, Musk himself acknowledged a "massive cyberattack" against X, stating it was carried out "with a lot of resources" by "either a large, coordinated group and/or a country" . A separate breach exposed over 200 million user records, including email addresses, usernames, and profile data — a treasure trove for phishing campaigns seeking to target high-value accounts .
The platform's verification overhaul has compounded the problem. The old blue checkmark system, while imperfect, required identity verification. The current system allows anyone to purchase a blue check for $8 per month, making it easier for scammers to create convincing impersonation accounts and harder for users to distinguish legitimate from fraudulent sources .
The Misinformation Multiplier
Beyond the financial fraud, the Breaking911 incident highlights a more insidious threat: the use of trusted news accounts to inject fabricated events into the information ecosystem during a period of genuine geopolitical crisis.
The hack occurred against the backdrop of an ongoing U.S.-Israeli military campaign against Iran, a period when audiences are particularly primed to believe sensational breaking news about public figures. A fake report of Elon Musk being shot — the owner of both X and SpaceX, a government contractor with deep ties to the current administration — could theoretically move markets, trigger security responses, or incite real-world panic before corrections can spread.
Research from DemandSage found that 86% of global citizens have encountered misinformation online, while 40% of content shared on social media is fake . The World Economic Forum's Global Risks Report 2026 placed misinformation and disinformation among the top short-term global risks, alongside geoeconomic confrontation and societal polarization . The annual economic cost of fake news is estimated at $78 billion globally, including $39 billion in stock market losses .
The exploitation of breaking-news formats is a deliberate tactical choice. When hackers hijacked YouTube channels during the July 2024 Trump assassination attempt, they deployed deepfake Elon Musk videos within hours, capitalizing on the chaotic information environment to push cryptocurrency scams . The Breaking911 hack follows the same logic: manufacturing a crisis to exploit the human instinct to click first and verify later.
What Users Can Do
Security researchers recommend several protective measures :
- Enable two-factor authentication using an authenticator app, not SMS
- Use unique, strong passwords for social media accounts
- Never click login links in emails claiming security issues — go directly to the platform instead
- Be skeptical of sensational breaking news that includes external links, especially involving cryptocurrency
- Report compromised accounts immediately to help platforms respond faster
For account owners with large followings, SentinelOne specifically warns against engaging with emails about copyright violations or suspicious logins, which are the primary phishing lures used in the current campaign .
A Systemic Problem Without a Clear Solution
The Breaking911 hack is a symptom of converging failures: a platform with diminished security infrastructure, a booming criminal economy built on account theft, and an information environment where trust in news sources is at historic lows — just 28% of Americans now trust mainstream media . Each successful attack further erodes the reliability of the channels people depend on for real-time information.
Until X invests meaningfully in account security and phishing prevention — or until regulators force the issue — the incentive structure remains firmly in the hackers' favor. A compromised account with a million followers can generate thousands of dollars in cryptocurrency fraud within minutes, while the platform's response time is measured in hours. In that gap between breach and recovery, the damage is already done.
Related Stories
X Platform Announces Option to Block Grok from Photo Editing
SpaceX Files to Go Public in IPO Targeting $1 Trillion Valuation
Bluesky CEO Jay Graber Shifts to Chief Innovation Officer Role
Social Media Users Turn to X for Morning News Like Digital Newspaper
Elon Musk Declares 2026 the Dawn of Singularity
Sources (17)
- [1]Breaking911 (@Breaking911) on Xx.com
Breaking911's official X profile, self-described as 'America's #1 Alternative News Source' with over 1.2 million followers, founded September 2011.
- [2]The Viral 'Breaking911' Twitter Account Is Not a Trustworthy News Sourceonezero.medium.com
Investigation into Breaking911's history of impersonation issues and reliability concerns as a news aggregator on Twitter.
- [3]Verified X/Twitter Accounts Hacked to Spread Cryptoscamsgridinsoft.com
CloudSEK data shows compromised Gold and Grey X accounts are sold on dark web marketplaces for $1,200 to $2,500, fueling a booming underground economy for account takeovers.
- [4]Breaking911 - Bias and Credibilitymediabiasfactcheck.com
Media Bias/Fact Check rates Breaking911 as a Questionable Source based on clickbait headlines, publication of false information, and lack of transparency.
- [5]Breaking911 - Media Bias/Fact Checkmediabiasfactcheck.com
Breaking911 rated Questionable Source due to promotion of misleading clickbait headlines and lack of sourcing transparency.
- [6]Verified Twitter accounts hacked in $580k 'Elon Musk' crypto scambleepingcomputer.com
Verified Twitter accounts were hijacked to promote Elon Musk-themed cryptocurrency scams, generating over $580,000 in fraudulent transactions.
- [7]Phishing on X: High-Profile Account Targeting Campaign Returnssentinelone.com
SentinelOne documents an active phishing campaign targeting high-profile X accounts using fake login alerts and copyright notices, traced to Turkish-speaking actors using Belize-based VPS infrastructure.
- [8]Fox News Star Greg Gutfeld's X Account Gets Hacked — Posts About Crypto and DMs Followers for a 'Quick Favor'yahoo.com
Greg Gutfeld's X account with 3.1 million followers was hacked on February 7, 2026, with scammers posting crypto promotions and phishing DMs to his entire follower base.
- [9]Massive Twitter Hack Tries, Fails to Promote Crypto Scam in 'Most Incompetent' Hack of the Yeardecrypt.co
September 2024 hack compromised accounts of Lenovo India, Oliver Stone, Yahoo News UK, and Neymar Jr. to promote a Solana token called $HACKED, but attackers only made $8,000.
- [10]SEC X (Twitter) Account Hacked, Tweets Fake News About Bitcoin ETFshackread.com
The SEC's official X account was breached in January 2024, with hackers posting a fake Bitcoin ETF approval that temporarily moved global crypto markets.
- [11]2026 Crypto Crime Report: Scamschainalysis.com
Chainalysis estimates $17 billion stolen in crypto scams in 2025, with impersonation scams growing 1,400% year-over-year and AI-enabled scams generating 4.5x more revenue.
- [12]Hacked YouTube Channels Use Trump Assassination News to Push Crypto Scamhackread.com
Cybercriminals hijacked YouTube channels with millions of subscribers to deploy deepfake Elon Musk videos promoting cryptocurrency scams during the Trump assassination attempt.
- [13]SEC X Account Breach Poses Problem for Elon Musk as He Tries to Rebuild Trustbloomberg.com
The SEC account hack amplified concerns about X's security posture under Musk's ownership, following significant reductions to trust and safety teams.
- [14]Elon Musk on X: 'There was (still is) a massive cyberattack against X'x.com
Musk acknowledged a massive cyberattack against X in March 2025, stating it was done 'with a lot of resources' by 'either a large, coordinated group and/or a country.'
- [15]200 million social media records leaked in major X data breachfoxnews.com
Over 200 million X user records including emails, usernames, and profile data were leaked, creating significant vulnerability to phishing and social engineering attacks.
- [16]19 Fake News Statistics 2026 [Global Reports & Influence]demandsage.com
86% of global citizens have encountered misinformation, 40% of social media content is fake, and fake news costs the global economy $78 billion annually.
- [17]How cognitive manipulation and AI will shape disinformation in 2026weforum.org
The World Economic Forum's Global Risks Report 2026 places misinformation among top short-term global risks alongside geoeconomic confrontation and societal polarization.
Sign in to dig deeper into this story
Sign In