twittercounterhacked100713558orig

Twitter accounts hacked, Twitter Counter steps forward as culprit

Twitter Counter, a third-party analytics service, appears once again to have provided a gateway for hackers to post messages to high-profile Twitter accounts.

An unlikely number of Twitter users suddenly learned to speak Turkish on Wednesday, posting an inflammatory message in the language replete with Nazi swastikas.

Among those posting the message were the Twitter accounts of Forbes magazine, the Atlanta Police Department, and Amnesty International, one of the few hacked accounts one might expect to speak Turkish.

Fears that these accounts had all been hacked were quickly allayed, when Twitter identified a third-party app as being to blame.

"We are aware of an issue affecting a small number of account holders this morning. Our teams worked at pace and took direct action. We quickly located the source which was limited to a third party app. We removed its permissions immediately. No additional accounts are impacted," a Twitter spokesman said via email.

It's usually hard to measure the impact of such hacktivist attacks, but counting the consequences may be easier this time around. Although Twitter did not name the app involved, the independent Twitter Counter service soon outed itself.

"We're aware that our service was hacked and have started an investigation into the matter. We've already taken measures to contain such abuse," the company tweeted.

Assuming that the abuse was going through its system, it said, "We’ve blocked all ability to post tweets and changed our Twitter app key."

A Twitter Counter spokesman referred questions to the company's CEO, Omer Ginor, who did not immediately respond to a request for comment.

It's barely four months since Twitter Counter was last hacked, an attack that resulted in postings to high-profile accounts including those of Playstation, Viacom, Xbox, Charlie Sheen and Lionel Messi, the company said at the time.

"The attackers used a mechanism to hack the cookies used by the website, so that they can, one by one, make the system believe they're logged in as a specific user and therefore be able to take the actions we allow users to take on our site, such as posting," Ginor said in his analysis of the incident that took place last November.

IDG Insider

PREVIOUS ARTICLE

« Microsoft Teams takes on Slack with enterprise bots, Office 365 tie-ins

NEXT ARTICLE

6 apps Apple really needs to make for Android »
author_image
IDG News Service

The IDG News Service is the world's leading daily source of global IT news, commentary and editorial resources. The News Service distributes content to IDG's more than 300 IT publications in more than 60 countries.

  • Mail

Recommended for You

Future-proofing the Middle East

Keri Allan looks at the latest trends and technologies

FinancialForce profits from PSA investment

Martin Veitch's inside track on today’s tech trends

Amazon Cloud looms over China: Bezos enters Alibaba home ground

Lewis Page gets down to business across global tech

Poll

Do you think your smartphone is making you a workaholic?