A hacker group has claimed to have discovered an exploit that allows them to seize and reactivate suspended and inactive accounts on Twitter. The group called "Spain Squad" was reportedly able to briefly reactivate accounts that were previously banned from the platform including @Hitler, @1337, @DarkNet, @LizardSquad and @Hell and take control of them with the hope of selling the infamous screennames to the highest bidder, Business Insider reports.
While handles such as @Hitler, @LizardSquad and @Hell were previously suspended by Twitter, other accounts like @AK47, @1337 and @megaupload have been inactive for a while. If an account is found violating Twitter's rules or terms of service by engaging in abusive activities such as spam, harassment, hateful conduct or promotion of violence, it may be "temporarily locked and/or subject to permanent suspension." Once suspended, there is usually no way of creating a new, separate account with the same screenname or reinstate it without the company's go-ahead.
If an account has been inactive for some time or abandoned by a user, the account isn't usually deleted by Twitter, basically rendering it unavailable for anyone else to claim.
"Suspended and deactivated usernames are not immediately available for use, so you'll need to select a different username," Twitter's support page on claiming certain usernames reads. "Unfortunately, these usernames cannot be released at this time."
Spain Squad, however, claimed that it could not only bring back suspended and inactive accounts, but change a user's Twitter handle, take control of another active account and even suspend it. The group even tweeted to notorious hacking collective PoodleCorp saying "im going to change your @ to @skids okey?"
However, it has only reportedly demonstrated the exploit to reinstate officially suspended accounts.
"For sell @botnet @Hitler @darknet @LizardSquad @nazi @ak47 @bypass @Hell etc," the group tweeted on 2 September to try and sell the accounts on the platform, providing users with an email to contact them if interested.
Short, unique usernames have long been prized on social media because they both harm to come by and portray the user as a tech-savvy, early adopter.
"Short usernames are something of a prestige or status symbol for many youngsters, and some are willing to pay surprising amounts of money for them," cybersecurity expert Brian Krebs wrote on his blog. "Known as "OG" (short for "original" and also "original gangster") in certain circles online, these can be usernames for virtually any service, from email accounts at Webmail providers to social media services like Instagram, Snapchat, Twitter and Youtube.
"People who traffic in OG accounts prize them because they can make the account holder appear to have been a savvy, early adopter of the service before it became popular and before all of the short usernames were taken."
The controversial accounts have already been suspended again. However, it is still unclear if the alleged exploit is still active or if Twitter has already patched it together with the suspension of the accounts.
Speaking via the @LizardSquad Twitter account before the accounts were suspended again, a Spain Squad member called Akma told Business Insider that, "we don't want to talk about our exploit...we don't want get patched soon."
Maintaining that Spain Squad is a "white hat" hacker group, the member added, "We are not going to do anything strange now but with this account, is just for fun. You can see what tweets I post, just for fun. After this, we going to deactivate accounts or suspend again."
Earlier this week, YouTube's biggest star PewDiePie was briefly kicked out Twitter after he joked that his account became unverified because he and fellow YouTuber JackSepticEeye had joined Isis. Many social media companies including Twitter have also received heavy criticism for not doing enough to control and prevent terrorist organizations from conducting their operations and spreading vile propaganda on their platforms.
In response, Twitter announced that it had suspended 235,000 accounts in the past six months that were founding violating its policies "related to promotion of terrorism."