Hackers Breach Third Party Site to Tweet Political Messages

Hundreds, or possibly thousands of Twitter accounts were hacked and used to send political messages. Accounts of organizations and individuals around the world such as Forbes, the U.K. Department of Health, Starbucks in Argentina, the European Parliament, Amnesty International, Justin Bieber, and many others were victims in this attack that appears to support the Turkish president Recep Tayyip Erdogan.

Being blamed is two-time offender Twitter Counter. This is a tool that users can connect to their Twitter accounts to retrieve analytics such as responses to tweets, number of retweets, etc. Analysts believe that the hackers breached this site, which then gave them direct access to the victims’ accounts where they could tweet away without intervention. To its credit, Twitter Counter is taking some responsibility and investigating.

The risk of using social media accounts to connect to third party apps, or to log into third party apps is clearly demonstrated with this story. If the third party is breached, whomever did it (or sells the information) can also get to the social media account(s) connected to it. If there is an option, and there usually is, to create new and different login credentials for a site you want to use, take them up on it.

Also, always use unique, and strong, passwords for each site you log into.

Yes, these two pieces of advice might be a little cumbersome to follow, but just a few extra seconds can prevent your accounts from being used to promote someone else’s agenda.

Also, while there is no evidence this is what happened here, hackers have been successful at getting into accounts by requesting a password reset. Often in order to reset a password, challenge questions are presented. These are the ones that are set up when an account is first created. Many times, the choices of the questions have corresponding answers that are easily found on social media.

For example, if you have a Facebook account, there is a lot of information about you in the “About” section, such as where you are from. If you show this on your profile page, it isn’t so difficult for a cybercriminal to look that up and answer that “City where you were raised” question that often comes up as a choice so often in these lists.

In these cases, choose questions and answers that cannot easily be guessed or learned by perusing your social media profiles. Consider what you do share with others too; in your profiles and in your posts, tweets, stories, and shares. The more you share, the more others can find out about you and use it against you.

The other time Twitter Counter was breached was in November of 2016. At that time, it was advertising that was tweeted. Then, the CEO of the company promised that the hackers would not be able to do it again and that he was 95% sure that the issue had been resolved.

Twitter has blocked access from Twitter Counter and as of writing, that site was completely taken down. A message appears stating, “It seems there has been an internal server error with the page you requested. Send if the problem persists!”

© Copyright 2017 Stickley on Security