Twitter hack: thousands of accounts hijacked

03/15/2017
G DATA Blog

Many Twitter users in Europe woke up to some unexpected tweets: numerous Twitter accounts suddenly posted messages attacking the Dutch and German governments. Unknown attackers were able to gain access to millions of accounts through an app which provides statistics.

What happened?

As of this writing, unknown attackers have compromised an external service which is used for collecting statistical data. Many high-profile accounts were affected, such as UNICEF and Amnesty International. In addition to the profiles of sports clubs and human rights organizations, numerous other profiles were also compromised, and some celebrities suddenly appeared to post those polemic messages. Several thousand accounts were affected worldwide. The attackers replaced the header image with the Turkish flag; this process is also known as "defacement". They then proceeded to berate the Dutch as well as the German government and called them "Nazis".

How could this happen?

An external app by the name of TwitterCounter was hacked. Apps of this kind do not need your password: once you grant them access, they hold an authorization token that lets them read and post from your account, which is why a breach of the app provider can turn into posts from thousands of otherwise untouched accounts. The provider has acknowledged the hack, and an investigation is already underway. More details on the exact timeline of the attack are unknown at this time.

How can I protect myself?

  • If you are using TwitterCounter on your profile, it is recommended to revoke access to Twitter for this app.
    You can do this via Settings and Privacy > Apps. In there, click the "Revoke access" button to lock the app out. Revoking access invalidates the token the app uses to act on your behalf; this step, not a password change, is what actually shuts the app out.
  • As a precaution, the login passwords for Twitter as well as any platforms which have permission to post to Twitter should be changed.
    Our advisory on secure passwords can help you choose a new password.
  • Enable login verification; you can find this under "Account" in your Twitter settings, in the "Security" section.
    This prevents unauthorized users from accessing your Twitter account with the password alone: to log in, an additional security code will be required. This code can also be sent to your phone as a text message.

Similar cases

  • In 2009, numerous accounts were hijacked by Iranian hacktivists.
  • In 2013, the "Anonymous" collective claimed responsibility for defacing North Korean government profiles in social media.
  • In 2015, many accounts were attacked because they had ties to the Islamic State terror militia; those attacks also took place under the "Anonymous" banner.
  • In 2016, a Russian government profile was hijacked.
  • In February 2017, about 1.5 million WordPress blogs were defaced.