Twitter shares soar after buyout story appears on bogus Bloomberg site

How someone was able to buy and, er, move the market

Updated Twitter's shares jumped four per cent this morning after a fake news story claimed the biz had received a $31bn buyout offer.

The reason for the jump was that it appeared to come from respected newswire Bloomberg – but the piece was instead hosted at, and not on the news organization's

"Twitter is working closely with bankers after receiving an offer to be bought out for $31 billion, people with knowledge of the situation said," the five-paragraph fake story started. The domain has been pulled offline in the past few minutes. is a mirror of the website, the copied headlines are real and link back to the real dot-com website. With one exception: the fake Twitter story, which was dressed up to look like a legit webpage.

That is also the only URL that exists under the dot-market website, pointing to a planned effort to put the fake news into circulation. Perhaps the reason for that effort was to benefit from the subsequent spike in the share price, which lasted approximately 15 minutes before Bloomberg denounced the story as fake and the share price dropped back to its previous level.

Twitter saw a spike in its share price until Bloomberg confirmed the story as fake

Wild goose chase

It's not known who owns the dot-market domain, but it was registered at the weekend using a so-called "proxy service" based in Panama. That company, WhoisGuard, protects registrant details by offering its own address and contact numbers.

However, WhoisGuard's details also appear to be fake: their telephone number is disconnected and emails to their contact address have not received a response. The contact details for WhoisGuard on its own website at also fail to work: the telephone number goes through to a voicemail box and emails also fail to receive a response.

WhoisGuard works as an affiliate of the company eNom. A call to eNom's registrar abuse hotline leads only to a voice message that instructs you to send an email through eNom's online portal.

We contacted the company that runs the .market registry, and which is also the parent company to eNom, through whose systems the domain was registered.

Rightside's vice-president of business & legal affairs Statton Hammock told us that his biz had opened an investigation into the situation, and that its compliance manager was looking into whether the registrar has broken the company's acceptable-use policy or violated any of its terms-and-conditions.

Let's see what ICANN has to say...

We also contacted the organization in ultimate charge of the domain name system, ICANN. ICANN develops the rules that registries and registrars are obliged to follow, and has recently been under fire for its lackluster compliance efforts.

An ICANN spokesman told us: "We are not commenting right now."

What this story highlights is that the fears of many companies about the introduction of hundreds of new dot-words are all too real. The fact that the fake story was hosted on the seemingly real web address is almost certainly the reason it was taken seriously.

Under rules developed by ICANN, trademark holders can pay to be added to a "trademark clearinghouse." Once in that clearinghouse, anyone who tries to buy a domain with a mark in it will be warned that they may be violating a trademark, but they will not be prevented from registering it.

When each new internet registry launches, there is also typically a "sunrise" period during which trademark holders can pay a premium to get access to their name first. However, due to the huge number of new extensions launches – more than 500 in the past year – many companies have decided not to spend tens of thousands of dollars registered their namesakes all over the internet.

Bloomberg did take advantage of a private scheme run by large registry operator Donuts in which it was able to put a block on its name across all of Donuts' top-level domains – which is why, for example, is not available to register. That will also mean that will also be restricted when it launches later this month.

However, appears to have slipped through the net, with significant consequences. ®

Updated to add

At about 4pm PDT (2300 UTC), Rightside posted a blog post on the issue, stating that it took down the website "per our standard operating procedures" because it was being used for "nefarious purposes." It explained:

It pains us so greatly that, in the early stages when so many people are forming their first impressions of the TLD [new top-level domain] program, [that] numerous positive examples are sometimes overshadowed by the malicious practices and behaviors of a very small group of people.

Today’s example of is a precise example of this unfortunate phenomenon. There are processes in place to limit the means and extent to which bad actors can utilize new domains for nefarious purposes, and we have worked with Bloomberg to implement those processes and shut down

Similar topics

Broader topics

Other stories you might like

  • Venezuelan cardiologist charged with designing and selling ransomware
    If his surgery was as bad as his opsec, this chap has caused a lot of trouble

    The US Attorney’s Office has charged a 55-year-old cardiologist with creating and selling ransomware and profiting from revenue-share agreements with criminals who deployed his product.

    A complaint [PDF] filed on May 16th in the US District Court, Eastern District of New York, alleges that Moises Luis Zagala Gonzalez – aka “Nosophoros,” “Aesculapius” and “Nebuchadnezzar” – created a ransomware builder known as “Thanos”, and ransomware named “Jigsaw v. 2”.

    The self-taught coder and qualified cardiologist advertised the ransomware in dark corners of the web, then licensed it ransomware to crooks for either $500 or $800 a month. He also ran an affiliate network that offered the chance to run Thanos to build custom ransomware, in return for a share of profits.

    Continue reading
  • China reveals its top five sources of online fraud
    'Brushing' tops the list, as quantity of forbidden content continue to rise

    China’s Ministry of Public Security has revealed the five most prevalent types of fraud perpetrated online or by phone.

    The e-commerce scam known as “brushing” topped the list and accounted for around a third of all internet fraud activity in China. Brushing sees victims lured into making payment for goods that may not be delivered, or are only delivered after buyers are asked to perform several other online tasks that may include downloading dodgy apps and/or establishing e-commerce profiles. Victims can find themselves being asked to pay more than the original price for goods, or denied promised rebates.

    Brushing has also seen e-commerce providers send victims small items they never ordered, using profiles victims did not create or control. Dodgy vendors use that tactic to then write themselves glowing product reviews that increase their visibility on marketplace platforms.

    Continue reading
  • Oracle really does owe HPE $3b after Supreme Court snub
    Appeal petition as doomed as the Itanic chips at the heart of decade-long drama

    The US Supreme Court on Monday declined to hear Oracle's appeal to overturn a ruling ordering the IT giant to pay $3 billion in damages for violating a decades-old contract agreement.

    In June 2011, back when HPE had not yet split from HP, the biz sued Oracle for refusing to add Itanium support to its database software. HP alleged Big Red had violated a contract agreement by not doing so, though Oracle claimed it explicitly refused requests to support Intel's Itanium processors at the time.

    A lengthy legal battle ensued. Oracle was ordered to cough up $3 billion in damages in a jury trial, and appealed the decision all the way to the highest judges in America. Now, the Supreme Court has declined its petition.

    Continue reading

Biting the hand that feeds IT © 1998–2022