It appears that the notorious Syrian Electronic Army hacking group have claimed yet another scalp.
The news broke after Sky’s official support account (@SkyHelpTeam) tweeted a series of messages telling users to uninstall the Android versions of their Sky News and Sky+ apps.
Furthermore, the group shared screenshots with journalists of what appeared to be the Google Play developer account for Sky’s apps, complete with the logo of the Syrian Electronic Army and the message “Syrian Electronic Army was here”.
I’m not saying that a hack didn’t occur, but I would urge people to be a little cautious (considering the SEA’s habit of hacking the Twitter accounts of media organisations) about trusting the messages sent out via @SkyHelpTeam.
Notice, for instance, that the tweets from @SkyHelpTeam have been sent via Twitter.com’s web user interface, whereas the account normally supports users via “Lithium Social Web”.
Furthermore, there is no official mention that I could find about the Android app problem on Sky’s Help Forum.
It seems strange that Sky’s support team would tweet a warning to users about their apps, but provide no link to where further information will be provided.
And let’s take a closer look at the wording of that warning:
“please remove the apps if you are already installed it“
Was that written by someone who isn’t a native English speaker?
I’m not saying that Sky didn’t have its Google Play account hacked, or that the entries for its Android apps were not defaced. At the time of writing, many Sky Android apps are unavailable to access via Google Play which indicates that something unusual has happened. Frustratingly, that also means that they cannot be downloaded to check for signs of malware or tampering.
But we should retain a healthy skepticism about implicitly trusting warnings that have only been shared via Twitter, especially when the reported attack relates to a group with a history of hacking the Twitter accounts of media organisations.
Sky, if you were hacked, please post an official statement and a link to an advisory telling users of your Android apps what they should do on your support forum.
Meanwhile, users might be wise to uninstall the questionable Android apps until clearer official guidance is available from Sky.
Update: Looks like my hunch was right. CNET UK is quoting a Sky spokesperson who has confirmed that its Twitter account was hacked.
“The Sky Help Team’s Twitter account has been compromised, and the tweet that states customers should uninstall their apps is not guidance from Sky. We are currently investigating the situation. We will provide a further update when we have more information.”
It’s just a shame that Sky has taken over 12 hours to say this…
Update 2: More details can be read in this report from Pocket Lint.
I think it’s worth saying again: Stop trusting warnings that have only been shared via Twitter, especially when the reported attack relates to a group with a history of hacking the Twitter accounts of media organisations.