Last night, a swath of Twitter accounts with large followings—including Duke University, BBC North America, Forbes, and Amnesty International—tweeted out the same message, in Turkish, that included a swastika and hashtags that translate to “Nazi Germany, Nazi Holland.”
The hacked accounts, compromised apparently as a result of increasing vitriol between Turkey and Holland, appear to have all been restored. They’re an unfortunate reminder, though, that any Twitter account is only as safe as the apps you let access it.
Starting in the early hours of Wednesday morning, a diverse range of high-profile accounts—schools, news organizations, celebrities, and so on—all began tweeting the same message. It leads with a swastika, follows with the Nazi hashtags, calls the attack a “little Ottoman slap,” and promises to “See you on April 16,” the day Turkey will hold a referendum to further empower President Recep Erdoğan.
The vulnerability, it should be said, did not lie directly with Twitter.
“We quickly located the source which was limited to a third party app. We removed its permissions immediately. No additional accounts are impacted,” a spokesperson for the social media company said in a statement.
That app was an analytics service called Twitter Counter. The company acknowledged that attackers had compromised its system but said that it does not store Twitter user passwords or credit card information.
All of which might still be somewhat mystifying if you haven’t been following internecine European political tensions lately. Turkish-Dutch relations reached a low point over the past week or so, after the Netherlands prevented Turkish ministers from campaigning in the country over the Erdoğan measure. Why would Turkey want to rally the Dutch vote to begin with? Expats are eligible to vote, and a sizable portion of Turkish nationals now call the Netherlands home.
The restrictions resulted in protests, cries of fascism, and now a widespread hack of Twitter accounts that somehow managed to drag the social media presence of Reuters Japan into this whole mess.
Twitter says a “small number of account holders” got hit, which seems true relative to the entire user base. As of last November, though, Twitter Counter had over two million users, all of whom were potentially affected, even if only the accounts with large followings registered.
The good news is that the problem has been patched up, both on Twitter’s end and Twitter Counter’s. Twitter revoked Twitter Counter’s permissions, and the service itself proactively blocked the ability to post tweets through the app. For an extra dose of peace of mind, you can also head to Settings and privacy > Apps, and manually revoke access.
In fact, go ahead and take a minute to do that regardless. If you don’t absolutely need an app to plug into your Twitter account, give it the boot.
How Serious Is This?
The involuntary spread of swastikas across a social media platform is pretty serious! More important, though, the Twitter Counter incident is a reminder that your online accounts are only as secure as their weakest app. All the hacked accounts did wrong in this case was put their trust in a third-party service—one that has had security issues before.
So whether it’s Twitter, Facebook, or any other service that grants third-party access, go ahead and take a minute to boot any that you don’t need or don’t trust. It’s that or risk turning into just another pawn in the next Turkish-Dutch flare-up.
Source: Wired Link: https://www.wired.com/2017/03/hack-brief-high-profile-twitter-accounts-overrun-swastikas/