Twitter Counter hacked, nasty Tweets posted

Next story
Olivia Storey/James Pavett

Thousands of high profile Twitter accounts hacked and posting offensive Tweets.

Compromised accounts of Forbes, Amnesty International, the BBC’s North American service, and Boris Becker sent Tweets containing swastikas and pro-Erdoğan support, relating to Turkey’s current diplomatic conflict with Germany and the Netherlands.

The accounts were not hacked directly through Twitter, but as a result of a third party attack on analytics service Twitter Counter.

Unfortunately, for Twitter Counter, this is their second cyber hack in less than 6 months, and could have possibly been targeted due to the knowledge of their vulnerability.

The company have now taken measures to block the abuse of their users’ accounts, by stopping the ability to post Tweets and changing their Twitter app key. There is a full investigation into Twitter Counter, and Twitter has responded by removing Twitter Counter’s permissions immediately.

Mark James, ESET IT Security Specialist, talks about this kind of third party hacks and how to check your social media privacy and permissions.

“One of the problems with these types of “hacks” is the perception of who actually has been hacked.

“Our first impressions is Twitter, but in fact a third party tool was compromised that has the ability or permission to post to Twitter on your behalf.

“With so many add-ons and extensions for our social media world there are hundreds and thousands of these types of apps available to add little features or additions to our software.

“Sadly the companies that spend huge amounts of money keeping your data safe and secure are at risk when something like this happens.

“We should review what services have permissions to take action on our social media accounts on a regular basis.

“On Twitter for instance, this can be done on the Twitter website; once there head to “Profile and Settings” and choose “Settings and Privacy” then select “Apps”.

“If you have associated any services you will see them listed here with an option to “Revoke Access” as a tab to click.

“One of the nice things here is seeing when it was approved, you could determine if it’s still valid and if not remove it.

“If you make a mistake you can always click the “Undo Revoke Access” button to put it right.

“While you’re at it why not check Facebook as well, go to the Facebook website and choose “Settings” from your profile, select “Apps” and review what does and does not have access to your data and profile.

“In theory, if we grant permission to an app to access our account and post information on behalf of us, it can do exactly that.

“Most services require basic permissions to read and write, with some also requiring direct messages and a few others, but essentially it can post what it likes when it likes onto your main twitter feed.

“As for resources there are many applications freely available that can send multiple, timed and mass tweets already available for anyone to download, they just need access to the third party’s app authorisation process.”

 

Did you have Twitter Counter on your profile? Let us know on Twitter @ESETUK.

 

Join the ESET UK LinkedIn Group and stay up to date with the blog. If you are interested in seeing where ESET has been featured in the news then check out our ‘In the news’ section.