Early Wednesday morning, thousands of tweets containing swastikas and Turkish hashtags that translated to “NaziGermany,” “NaziMania” and “NaziNetherlands” flooded the platform.
The attackers used the service’s permissions to post a message in Turkish, reading “卐 #NaziGermany👌#NaziNetherlands, a little👋#OTTOMAN SLAP for you, see you on #April16th.” That date is when Turkey is planning to hold a referendum on whether to grant stronger powers to its president Tayyip Erdoğan, and the tweets also linked to a pro-Erdoğan video on YouTube.
The breach came through a third-party tool called Twitter Counter, which many Twitter users—including celebrities and brand managers—use to gather analytics. It affected brand accounts including Amnesty International, Forbes magazine, Duke University and BBC North America.
After removing the messages, a few brand managers tweeted about the hack:
Hi everyone - we temporarily lost control of this account, but normal service has resumed. Thanks.
— BBC North America (@BBCNorthAmerica) March 15, 2017
Earlier this morning our Twitter account was hacked. We've now deleted the hacked tweet and investigating what happened. Apologies & thanks
— AmnestyInternational (@amnesty) March 15, 2017
A Twitter spokesperson also issued the following statement to reporters:
We are aware of an issue affecting a number of account holders this morning. Our teams are working at pace and taking direct action on this issue. We quickly located the source, which was limited to a third-party app. We removed its permissions immediately. No additional accounts are impacted. Advice on keeping your account secure can be found here.
Twitter Counter explained through a series of tweets that it blocked users’ capability to tweet through its service—and reminded people that it doesn’t store sensitive user data:
We're aware that our service was hacked and have started an investigation into the matter.We've already taken measures to contain such abuse
— TheCounter (@thecounter) March 15, 2017
One thing is important to note - we do not store users’ Twitter account credentials (passwords) nor credit card information.
— TheCounter (@thecounter) March 15, 2017
Assuming this abuse is indeed done using our system, we’ve blocked all ability to post tweets and changed our Twitter app key.
— TheCounter (@thecounter) March 15, 2017
The Twitter Counter application is blocked on Twitter. If this activity continues, then we strongly believe it's not just through us.
— TheCounter (@thecounter) March 15, 2017
[RELATED: Keep your cool in a crisis with these 13 tips.]
It’s not the first time the organization has been at the center of a security breach involving high-profile accounts.
Twitter Counter reported an attack in November in which accounts from Sony Corp., Viacom Inc., Microsoft Corp. and others were compromised and posting spam messages. Twitter Counter apologized and said it had fixed the problem.
Though the organization said it doesn’t store users’ passwords or credit card information, the crisis should be a reminder to brand managers to check their organizations’ social media accounts—especially those connected to third-party posting or monitoring apps.
As usual, this is a good time to double check your account and any third party apps or services—you can find instructions on how to do that here —you may have connected to it. If they get hacked, then you get hacked, and no one needs that. Once you're done with that, we'd also recommend making sure you use a unique password and have two-factor authentication enabled, just to be thorough.
It’s also a reminder that security breaches can often happen through social media sites and services, so it’s always a good idea to regularly change your password (or use a password service to further protect your accounts).
from PR Daily News Feed http://ift.tt/2mJbdG2
No comments:
Post a Comment