ABC News, Good Morning America, HBO, Senator Ted Cruz, Mark Zuckerberg, the CEOs of Uber, Zendesk, Oculus, Spotify, Twitter and dozens of C-suite executives, along with now-deceased Beatle George Harrison and NASA's Kepler space telescope. What do these people, companies, top executives and space telescopes have in common? They've all had their Twitter accounts hacked. [1]
Some hacks may seem, at first, to be only trivial. For instance, hackers replaced the photo of Zendesk CEO, Mikkel Svane, with a picture of the grotesque Internet meme, Pepe the Frog. [1, 2] Yet the damage done to public figures, celebrities, politicians and others who loom large in the public consciousness can be severe.
Now, this kind of Twitter account hacking is spreading across the world.
The Trend Goes Global
In Australia, Minister of Defence, Christopher Pyne, was fast asleep at 2:00 AM when a hacker posted a Tweet from his account indicating he “Liked” an explicit gay pornographic video. By breakfast time the Federal Labor department had called for an investigation into Pyne's social media, after he blamed hackers for compromising his Twitter account. As Defence Minister, Mr. Pyne normally uses his Twitter account to communicate on matters of national defense. Senator Cory Bernardi expressed concerns about the hacked account possibly compromising national security, while Labor leader Bill Shorten said, “I think it is most serious when any minister, but especially a defence minister, is the victim of hacking.” [3]
Health Minister, Greg Hunt, was caught in a nearly identical compromise when a hacker took over his account and posted that Mr. Hunt “Liked” a tweet with pornographic content. [4] Both of these hacks are thought to be triggered by discontent surrounding a current event in politics, a recent national survey on the subject of gay marriage.
Whether it's a hack of a celebrity's Twitter account, a politician's or the news media, such tweets can damage the public perception of the victim. In many cases the hacked tweets reach far more people (through Likes and Re-Tweets) than does the correction posted once the account has been recovered. Once the damage is done, even retractions, corrections and explanations fail to reach everyone who got the original hacked message.
Hacking Twitter isn't difficult. Anyone can do a web search on “how to hack Twitter.” The search reveals YouTube videos and articles with everything a person needs to take over someone's account. (Be careful: many of the sites that appear in the search results try to download malware to your device. Make sure your anti-virus is up to date.)
Furthermore, various websites seem to directly serve the hacker community. A website at LeakedSource.com aggregated hundreds of millions of user IDs and passwords that were compromised during various data breaches. Those breached include AdultFriendFinder, Myspace, Twitter, the Russian megasite Rambler.ru and others. LeakedSource.com sold user IDs and passwords (which they conveniently decrypted to make them more useful to hackers) for a few dollars per day to anyone willing to pay. In early 2017 the U.S. Federal government shut down the site and confiscated its servers. [5]
Apparently the site was making money, because within a few months a similar site appeared (and is still running today) at LeakedSource.ru, using the top-level domain name for Russia. At this writing the site claims to have more than 2 billion records, and counting. [6]
High-visibility people and companies tend to attract the most aggressive hacking. It just makes sense, from the hackers' point of view, to focus on entities that are highly visible to the public. But when you carefully examine the reason hackers are increasingly focusing on Twitter accounts, two things come to the surface.
First, hackers can take control of the account and spam followers with links to hostile websites. Not to mention, they can do serious damage to the public perception of the account holder who's been compromised.
Second, because far too many people use the same tired password across numerous sites, thinking their own convenience is more important than their personal online security, cracking a Twitter account password can give access to many other social and financial sites.
Finally, for hackers with excess cash on hand, one can buy the credentials needed to take over a Twitter account for prices ranging from a few dollars up to more than $300, depending upon the quality of the account. [8]
The Solution
Account takeover can be damaging and frightening, especially when personal information or proprietary corporate information is divulged. Twitter.com devotes several help pages to remedies for account takeover and compromise. Numerous websites offer additional help and advice.
However, the best way to keep hackers out of your account is to refuse them entry. Social SafeGuard™ is the only software tool that provides security across Twitter and all your social channels. To combat account takeovers, Social SafeGuard™ identifies and prevents incursions into your account.
Then, even beyond securing your Twitter presence on the web, Social SafeGuard™ monitors more than a dozen of the most popular social and collaboration networks, scanning for content that may pose a risk or threat to your organization.
If you're ready to lock down your Twitter account and other social properties, contact us today to request a free social media audit!
Sources:
- http://www.abc.net.au/news/2017-11-16/christopher-pyne-says-hacker-liked-porn-tweet/9155964
- http://www.news.com.au/technology/online/social/health-minister-greg-hunt-likes-pornography-tweet/news-story/c2de49aa324d7ec404c3a655f43acdf9#
- http://www.zdnet.com/article/breach-site-leakedsource-raided-by-feds/
- https://leakedsource.ru/main/faq/
- http://www.zdnet.com/article/why-hackers-hack-is-it-all-about-the-money/
- http://www.vocativ.com/tech/internet/twitter-hack/index.html