The Twitter account of ITV News in London was hacked late yesterday by members of the Syrian Electronic Army, as the following screenshot shows:
As I warned earlier this week, Twitter’s introduction of two-factor authentication is unlikely to stop the wave of high profile hacks of the network.
Chances are that ITV London was struck in the same (unsophisticated but effective) way as previous victims of the SEA – with employees targeted by forged emails, which lead to a fake login page that steals their usernames and passwords.
Once the SEA have crowbarred their way into their intended targets’ network, they can send further emails to other staff, hoping to scoop up more usernames and passwords and dig out credentials to hijack Twitter accounts and post embarrassing tweets in the organisations’ name.
In recent weeks, the Syrian Electronic Army have broken into online accounts belonging to the likes of The Guardian, Associated Press, CBS, FIFA and the BBC, resulting in Twitter issuing a warning to all media organisations to take greater care over their security.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.