It was around midnight when my phone beeped repeatedly. It was two of my colleagues, who asked me to check the status of my Twitter account. They had also sent some screenshots which had a Twitter profile name of Vitaly Dmitriyevich, a Canadian programmer and co-founder of Ethereum – a platform that deals with cryptocurrency. Along with this, there was “Ethereum Fable of the Dragon Tyrant (not mine but it’s important)” in the bio of that profile.
Initially, I could not recognize the issue; however, as I logged into my Twitter account, I discovered that it was my Twitter account itself that had been changed to that of Vitalik. The only thing similar was the username of the account. The hackers were aware that changing usernames may do away with the verification tag immediately, so they let that be. Twitter has lately been cornered about security issues, with whistle-blowers also flagging that the microblogging site used by billions gave government agents of India access to the user data of many people.
While reports of wilful sharing of user data were still fresh, there I was witnessing someone else using my Twitter account without my even having clicked on any phishing link at all. My first response was to recover my account, so I went to the password section to see if it had been changed. However, to my surprise, there had not even been a password change.
It was even scarier that someone could have access to your account and even make tweets from it without having your password. As someone with a degree in Media and Communication Technology, I have been very cautious with regard to the recent unfolding on Twitter. Being a journalist operating in India, where reporters have been jailed for days together purely based on tweets, especially makes one highly cautious about which links to click on, and whom to talk to and respond to on Twitter.
So, there was barely any time in the last few years that I clicked on any unsolicited links or even shared my login data with any third-party application. The account was hacked despite two-factor authentication and the account being verified, which has an added layer of security. The hack is concerning for the fact that it was not only “read-only access” that the hackers had got.
Very well in control of all the features of the Twitter handle, the hackers were able to change the bio, name, profile picture, and even the header of my account. They were able to put out tweets promising fake giveaways. Alerted by this, I ran a search, which flagged that even many bigger corporates and politicians had faced similar situations. Go First Airline’s Twitter account too was hacked, along with that of BJP leader Rahul Kothari. While they were hacked at least 7 days ago, more accounts became victims just a day ago. Twitter seems to have done zero to prevent this hack from happening again.
Vitalik Buterin is the founder of Ethereum, the novel blockchain platform, and hackers seem to have targeted many verified accounts.
In the past as well, Twitter has witnessed such hacks. Back then, Twitter called this a “social engineering incident”, saying, “The social engineering that occurred on July 15, 2020, targeted a small number of employees through a phone spear phishing attack. A successful attack required the attackers to obtain access to both our internal network as well as specific employee credentials that granted them access to our internal support tools. Not all of the employees that were initially targeted had permission to use account management tools, but the attackers used their credentials to access our internal systems and gain information about our process”.
It added that, using the credentials of employees with access to these tools, the attackers targeted 130 Twitter accounts, ultimately Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter Data of 7. However, nothing seems to have improved. In a similar fashion, hackers seem to have tweeted and maybe even accessed the direct messages of the users. India Ahead reached out to Twitter for a comment on the issue, but there has been no response as of yet.