Hundreds of Twitter accounts, including those of some major media outlets and celebrities, were hacked on Wednesday to post tweets with the Turkish flag and swastikas.
The tweets, which appeared to be political defacement, used the hashtags #Nazialmanya and #Nazihollanda, meaning Nazi Germany and Nazi Holland. The attackers posted anti-Nazi messages in Turkish, and also referred to April 16, when a referendum will take place in Turkey to give President Recep Tayyip Erdoğan more power.
The hackers also posted a link to a YouTube video and the Twitter account sebomubu.
Gotta reach your audiences everywhere pic.twitter.com/eYqq9IJ2Qp
— Rob Lopez (@R0BaTO) March 15, 2017
The compromised Twitter accounts included those of Forbes, World Meteorological Organization, bitcoin wallet Blockchain, Germany soccer club Borussia Dortmund, Justin Bieber's Japanese account and the U.K. Department of Health.
The attackers also hijacked the Twitter accounts of BBC North America, the European Parliament, Reuters Japan, Amnesty International, UNICEF USA and Duke University.
While we investigate, we have a petition demanding Turkey ends its crackdown on journalists. Sign here: https://t.co/KjtGS7dZqX https://t.co/z5sjWmO6X2
— AmnestyInternational (@amnesty) March 15, 2017
A bunch of Twitter accounts including @Forbes have been hacked pic.twitter.com/53Z9nUsRRO
— Arjun Kharpal (@ArjunKharpal) March 15, 2017
Some Twitter users claimed that hackers compromised a third party analytics app called Twitter Counter, which allowed intruders to post tweets from anyone using that software.
Meanwhile, Twitter Counter admitted that its service was hacked and that it was investigating the matter.
We're aware that our service was hacked and have started an investigation into the matter.We've already taken measures to contain such abuse
— TheCounter (@thecounter) March 15, 2017
"Before any definite findings, we've already taken measures to contain such abuse of our users' accounts, assuming it is indeed done using our system – both blocking all ability to post tweets using our system and changing our Twitter app key," a Twitter Counter spokesperson told CNBC. "One thing is important to note – we do not store users' Twitter account credentials (passwords) nor credit card information. The abuse risk is limited to posting or following on Twitter and as I've mentioned — the first part is already contained."
If you have ever used Twitter Counter, here's what you should do right now:
- Go to "Settings and Privacy" on Twitter
- Click on the "Apps" section.
- Disable the third-party access to Twitter Counter.