ITV London hacked on Twitter. Syrian Electronic Army strikes again

The Twitter account of ITV News in London was hacked late yesterday by members of the Syrian Electronic Army, as the following screenshot shows:

As I warned earlier this week, Twitter’s introduction of two-factor authentication is unlikely to stop the wave of high profile hacks of the network.

Chances are that ITV London was struck in the same (unsophisticated but effective) way as previous victims of the SEA – with employees targeted by forged emails, which lead to a fake login page that steals their usernames and passwords.

Once the SEA have crowbarred their way into their intended targets’ network, they can send further emails to other staff, hoping to scoop up more usernames and passwords and dig out credentials to hijack Twitter accounts and post embarrassing tweets in the organisations’ name.

In recent weeks, the Syrian Electronic Army have broken into online accounts belonging to the likes of The Guardian, Associated Press, CBS, FIFA and the BBC, resulting in Twitter issuing a warning to all media organisations to take greater care over their security.

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.

Graham Cluley •   @gcluley

Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Bluesky, or drop him an email.