Third-Party App Hack Results in Hijack of Thousands of Twitter Accounts

Thousands of high profile Twitter accounts have been hijacked and used to tweet pro-Turkey messages. Accounts belonging to the BBC, Amnesty International, Unicef, Forbes and more tweeted slogans relating to Turkey’s current diplomatic dispute with Germany and the Netherlands.

Tweets read ‘Nazi Germany, Nazi Holland,’ and contained an image of the Turkish flag and what appeared to be a swastika. Some of the tweets also referenced Turkey’s upcoming referendum, according to the Guardian, where the public will vote on increasing the powers of President Tayyip Erdogan. The tweets also contained a pro-Erdogan YouTube video.

It appears the breach happened after hackers gained access to a third-party Twitter application called Twitter Counter. As well as being used to monitor Tweet activity, Twitter Counter can post to users’ timelines automatically, which appears to be how this hack happened. The hackers would not have had full access to the Twitter accounts, nor would they have accessed passwords or any other sensitive information.

Omer Ginor, Twitter Counter’s CEO, told the Guardian: “We are aware of the situation and have started an investigation into the matter. Before any definite findings, we’ve already taken measures to contain such abuse of our users’ accounts, assuming it is indeed done using our system - both blocking all ability to post tweets using our system and changing our Twitter app key.”

A Twitter spokesperson told SkyNews they had "quickly located the source which was limited to third party app. We removed its permissions immediately. No additional accounts are impacted.”

BBC North America confirmed they had been hit, tweeting: Hi everyone - we temporarily lost control of this account, but normal service has resumed. Thanks.” Amnesty International, meanwhile, tweeted: “Earlier this morning our Twitter account was hacked. We've now deleted the hacked tweet and investigating what happened. Apologies & thanks.”

Example of an affected Twitter account posting pro-Turkey messages
Example of an affected Twitter account posting pro-Turkey messages

Even security consultant Graham Cluley was affected by the hacking. He urged Twitter Counter users to revoke access and delete the offending tweet, if they’d been impacted by the hack.

“Twitter Counter requests read *and* write access to your Twitter account, in order to do its jiggery pokery counting your Twitter followers. I gave Twitter Counter access to my account in October 2014, and that clearly was a decision I now regret. Quite why it would need write access, unless it is planning its own self-promotion, I can't say,” he wrote.

All Twitter users are advised to closely monitor which third-party applications have access to their account. Any which are not recognized, or not used anymore, should have their access revoked. Extra precautions should be taken with any third-party applications that demand ‘write’ access to a user’s account.

What’s hot on Infosecurity Magazine?