Hackers have infiltrated a number of celebrity Twitter accounts with the intention of highlighting weaknesses in the social media giant’s defences, according to reports.
Among the high-profile users whose accounts were broken into are documentary expert Louis Theroux and TV presenters Eamonn Holmes and Saira Khan.
Last week, Insinia Security placed a message on targeted accounts which read: “This account has been temporarily hijacked by Insinia Security”. The words also appeared on the Twitter feed of travel journalist Simon Calder.
The perpetrators stated in a Medium blog post that they had exploited a weakness in Twitter’s process for handling messages posted by phone to carry out the vigilante action; simply knowing an individual’s phone number could enable hackers to send messages from accounts they do not control, the statement said.
Advice detailed in the blog posts prompted Twitter users to delete their phone numbers from their accounts as a precautionary measure. The security firm also outlined the extent to which its specialists have tried to bring the issues to light in the past, stating:
“Back in March, we warned about the issues of using text messages for security. In fact, we warned about using them for pretty much anything!
“Then in November, we highlighted the same issue again. So, what did Twitter do? Well they allowed anyone with your phone number to Tweet from your account.”
Speaking to The Independent, Insinia Security CEO Mike Godfrey said:
“Insinia have warned for years that using text messaging for authentication, interaction or security is totally unacceptable and leaves people vulnerable to attack.
“This issue was highlighted to Twitter in 2007, again in 2009, again in 2011 and almost every year since. Quite simply; Twitter doesn’t listen. The campaign today was to highlight these vulnerabilities, how serious they can be and how someone with a relatively low skill set and a range of tools can control social media that people use to control their brands, career, image and much more.
“People have a right to know the truth about the state of insecurity that huge companies like Twitter leave innocent users in.”
However, the stunt has not gone down well with its victims, and has prompted a wave of public criticism. Speaking to the BBC, Simon Calder said the unauthorised accessing of his account was “tedious” and “annoying”, and that he was unimpressed as a result.
Some experts now consider it commonplace for researchers to attempt to hack into their own social media accounts, or those of willing and aware volunteers, in order to expose security flaws.
Speaking to the BBC, Prof Alan Woodward from the University of Surrey said it was “unacceptable” for Twitter to maintain “functionality that can be abused” through “unauthorised interference.”