Hacker plays cat-and-mouse with the EBRD’s Twitter account

Hacker plays cat-and-mouse with the EBRD's Twitter account

The European Bank for Reconstruction and Development (EBRD) is not having the best of mornings, as itself admitted.

Good morning

Not such a great morning, in fact

We have been hacked but now hope that the situation is under control

Earlier today the bank’s @EBRD Twitter account, and that of its sister account @EBRDgreen, were hijacked by a hacker who began to post the kind of messages you don’t normally expect to see from an international financial institution.

Tweet dirty coin

And it seemed the hacker was actually courting the media’s attention by, for instance, tagging BBC home affairs correspondent Daniel Sandford in one message.

Ebrd bbc tweet

Of course, it’s sadly not unusual for Twitter accounts to be breached, but what makes this case somewhat unusual is the very public cat-and-mouse struggle that the EBRD seemed to be having with its hackers.

At one point some may have found it hard to tell which were the genuine tweets made by the EBRD and which had been made by its hacker, as one tweet from @EBRD asked for the account to be locked to stop the hacker and another claimed that it was the hacker who had posted the lockdown request. Only the hacker’s poor spelling and grammar gave the game away.

Cat mouse tweet from hacked EBRD account

Embarrassingly for the bank, the messages from the hacker continued to be posted even after @EBRD had posted an apology on its account.

Sign up to our free newsletter.
Security news, advice, and tips.

At the time of writing, it appears that the EBRD has regained control of its account and repelled its unwanted intruder.

It may, however, wish to take a careful look at its security – ensuring that passwords are not being reused, enabling two-factor authentication where possible, looking carefully at the security of third-party apps it may have connected to its account, and educating the staff about the dangers of phishing attacks.

From the childish appearance of this attack the hack appears to have been more the work of a mischief-maker rather than someone who was setting out to cause more malicious mayhem, but once a cybercriminal has wrestled control of your Twitter account from you it’s all too easy for it to be used to spread disinformation, scams, and malicious links to followers.

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.


Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.