Twitter accounts of over 2,500 users, including those accounts that have a large number of followers, have been hacked in the span of just two weeks. The hacked accounts appear to have been replaced by pornbots that went on to tweet sexual content and post links to adult dating websites.
According to security firm Symantec, the Twitter accounts of electrofunk band Chromeo, stand-up comedian Azeem Banatwala, US footballer Cecil Shorts III, the late New York Times reporter David Carr as well as another unnamed international reporter from The Telegraph were among those whose accounts were compromised.
The hackers also altered users' profile pictures, full names and bios in an effort to promote adult sites. The profile picture was often changed to that of a woman "typically in a suggestive pose or wearing lingerie/swimwear", while the names appear to have been changed to real names obtained from other sources.
Symantec senior security manager Satnam Narang said in a company blog: "Rather than tweeting or direct-messaging users, the attackers used these compromised accounts to like tweets and follow other users, hoping to capitalize on users being curious enough to investigate their Twitter profiles. If a user visits the compromised profile, they will see tweets that claim to offer free sign-ups to watch 'hot shows' over webcam, or dates and sexual encounters. Each of these tweets includes sexually suggestive photos and shortened links using either Bitly or Google's URL shortener, goo.gl."
The hackers' motive was to trick people into clicking the links, which redirected them to adult sites; that is likely why the accounts they targeted belonged to users with a fairly large following.
"Being able to bust into that account, and use that account to post a tweet will make it more likely that people will click to their links compared to someone who has say, 100 followers or 20 followers," Narang told Motherboard. The hackers are believed to have profited from the breach, making $4 (£2.73) for every user who signed up for the website, an incentive the adult site linked to the breach has actually been offering its users.
It was also noted that most of the compromised accounts were old (the oldest was registered in 2007) and some appeared to be dormant, with no new tweets posted in years. According to Narang, the hackers most likely broke into the accounts thanks to "a combination of weak and reused passwords".
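The indicators described above (long-dormant accounts, rewritten profile fields, like/follow bursts instead of tweets or DMs, and bit.ly or goo.gl links) can be turned into a simple triage heuristic for spotting hijacked accounts. The following is an added example, not code from Symantec or this article; the record fields, thresholds and sample data are assumptions.

```python
from datetime import datetime, timedelta

# Hypothetical detection heuristic (not Symantec's or Twitter's code) built from the
# indicators the report lists. Thresholds are assumptions for illustration.
SHORTENERS = ("bit.ly/", "goo.gl/")

def compromise_indicators(account, now):
    """Return the list of report-derived indicators an activity record matches."""
    hits = []
    before, after = account["profile_before"], account["profile_after"]
    changed = [f for f in ("name", "bio", "avatar") if before[f] != after[f]]
    if len(changed) >= 2:
        hits.append("profile rewritten (%s)" % ", ".join(changed))
    # Dormant for more than a year, then suddenly posting again
    if now - account["last_tweet_before"] > timedelta(days=365) and account["new_tweets"]:
        hits.append("dormant account resumed posting")
    # Likes and follows used as the lure, with few or no tweets
    if account["likes"] + account["follows"] >= 50 and len(account["new_tweets"]) <= 3:
        hits.append("like/follow burst with few tweets")
    if any(s in t for t in account["new_tweets"] for s in SHORTENERS):
        hits.append("shortened links in new tweets")
    return hits

def flag_accounts(accounts, now, min_hits=2):
    """Return {handle: indicators} for accounts matching at least min_hits indicators."""
    flagged = {}
    for acct in accounts:
        hits = compromise_indicators(acct, now)
        if len(hits) >= min_hits:
            flagged[acct["handle"]] = hits
    return flagged

# Constructed sample records; handles, links and dates are not real.
NOW = datetime(2016, 2, 10)
SAMPLE = [
    {"handle": "old_band_account",
     "profile_before": {"name": "The Band", "bio": "tour dates", "avatar": "a1.jpg"},
     "profile_after": {"name": "Jessica", "bio": "dm me ;)", "avatar": "b7.jpg"},
     "last_tweet_before": datetime(2013, 5, 1),
     "new_tweets": ["free sign-up for hot shows http://bit.ly/PLACEHOLDER"],
     "likes": 120, "follows": 80},
    {"handle": "regular_user",
     "profile_before": {"name": "Sam", "bio": "dev", "avatar": "s.jpg"},
     "profile_after": {"name": "Sam", "bio": "dev", "avatar": "s.jpg"},
     "last_tweet_before": datetime(2016, 2, 9),
     "new_tweets": ["new blog post https://example.com/post"],
     "likes": 4, "follows": 1},
]

if __name__ == "__main__":
    for handle, hits in flag_accounts(SAMPLE, NOW).items():
        print(handle, "->", "; ".join(hits))
```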
Moral of the story: if you have an old Twitter account (and a considerable following), it would be prudent to change your password, and perhaps to use a password manager to generate a strong, unique password for the account.