NBC News Twitter account hacked with fake news of 9/11 Ground Zero attack

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Sick-minded hackers have broken into the Twitter account of NBC News and posted messages claiming that there has been a terrorist attack at Ground Zero in New York.

The bogus messages claimed that Flight 4782 has been hijacked and another plane crashed into the site where the Twin Towers collapsed ten years ago.

Tweets from the NBCNews Twitter account

NBCNews’s Digital Officer Vivian Schiller tweeted confirming that their official account had been hacked, and asked followers not to retweet any of the offending messages:

Sign up to our free newsletter.
Security news, advice, and tips.

Tweet from Vivian Schiller

In a subsequent message, Schiller confirmed that NBCNews was “working with Twitter to correct the problem and sincerely apologize for the scare that could have been caused by a such a reckless and irresponsible act.”

A group calling themselves the Script Kiddies have claimed responsibility for the hack. The same group previously hijacked and defaced Pfizer’s Facebook page and broke into the Fox News Politics Twitter account to post a bogus announcement about the death of Barack Obama.

Of course it’s very serious when such a popular Twitter account has its security breached. In theory, malicious hackers could have posted a link to malware or a phishing site – rather than what appears to be sick fake news headlines about a terrorist atrocity at such a sensitive time, with the 9/11 anniversary this weekend.

It’s unclear on this occasion whether NBCNews’s Twitter password was phished, whether it was cracked through a dictionary attack or spyware, or whether the persons who run the NBCNews account made the mistake of using the same password on multiple websites.

Computer users should always choose a hard-to-guess non-dictionary word as a Twitter password, and never use the same password on multiple websites.

Twitter appears to have now suspended the @NBCNews account, presumably to stop other users from retweeting the fake news and starting a scare.

Twitter should be applauded for taking such quick action, but isn’t it time that there was better security available to accounts which have a large number of followers, or who (like media organisations) may cause public panics if someone breaks in and starts tweeting false news stories about terrorist attacks?

Twitter login username and password

Just a username/password combination isn’t enough when a social media account is an important part of your business or public image.

I, for one, would like to see Twitter and other social media sites offer an additional level of authentication for those who want to better defend their accounts. I fear that, unless that happens, we will continue to see high profile accounts hacked and brands damaged as hackers run rings around them.

Update: Christmas tree Trojan blamed for NBC News Twitter hack.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.