Twitter Celebs and Corporate Accounts Hacked Through Third Party

Twitter Celebs and Corporate Accounts Hacked Through Third Party

A third party Twitter site was hacked over the weekend and various celebrity and media accounts taken over to promote an “increase Twitter followers” service.

Twitter Counter, which claims to be the ‘#1 stat site powered by Twitter’ posted the following on Saturday:

“We can confirm that our service has been hacked; allowing posts on behalf of our users! We have launched an investigation into this matter.”

Earlier, countless celebrity accounts including those of Charlie Sheen and Lionel Messi, as well as the likes of Sky News, The New Yorker, The Next Web, and The Economist posted tweets on behalf of a site claiming to increase users’ Twitter followers.

Even the Twitter accounts of the US National Transportation Safety Board (NTSB), Playstation and Xbox were compromised.

Twitter Counter subsequently confirmed that it had addressed the problem and hackers can’t post on its users’ behalf any more.

It’s unclear exactly how the cyber attack on the firm occurred, but it has been quick to reassure customers with the following update:

“We ensure the privacy of our users' information. We do not store credit card information and we do not keep Twitter account passwords.”

Although the hackers appear to have focused their efforts on taking over high profile accounts with many followers, regular users would probably still do well to change their passwords and switch on two-factor authentication.

The incident is also a reminder of the potential security risk of linking one’s social accounts to third party services like Twitter Counter, as they can provide another way for hackers to attack.

In September, Twitter joined a new industry coalition designed to improve cybersecurity standards.

The Vendor Security Alliance (VSA) will help businesses assess how secure the companies they’re looking to partner with are to ensure there are no weak links in the chain.

Other corporate members include Uber, Dropbox and Airbnb.

Source: Information Security Magazine