Twitter says its systems weren't compromised in hack of PM Modi’s account

Indian Prime Minister Narendra Modi’s account was the latest on a list of high profile Twitter hacks. Twitter says its systems and services were not compromised.

Twitter today confirmed that the account @narendramodi_in associated with PM Narendra Modi’s personal website was indeed compromised. In a statement to India Today, Twitter declared that preliminary investigations reveal its systems and services were not compromised – thereby making it unrelated to the July incident that saw several high profile Twitter accounts being hacked.

Meet John Wick

On Sept. 3 a hacker group called John Wick posted a tweet from the PM’s account  saying: “Yes this account is hacked by John Wick, we have not hacked Paytm Mall.”

The group’s message was intended to clear its name following accusations last month that it had hacked into databases at PayTM Mall.

At the end of August, US cybersecurity firm Cyble said in a blog post that it had been tipped off to a data breach at PayTM Mall by someone claiming to be a former member of the hacking group John Wick. That person told Cyble that with the help of an insider the group had gained unrestricted access to PayTM Mall’s entire database (comprising 55 lakh active users) by uploading a backdoor to the PayTM Mall website. 

Cyble says John Wick has previously targeted Indian companies including Square Yards, Zee5 and SumoPayroll with ransomware.

Rooting out the truth behind the accusations is going to be difficult, but it's easy to see why the group turned to Twitter to clear its name.

It's the medium of choice for national leaders and eminent business leaders, giving anyone who hacks one of those accounts unparalleled reach. The recently compromised Narendra Modi handle @narendramodi_in, for instance, has 25 lakh followers. The same holds good for the recent incident targeting influential celebrities like Bill Gates, Elon Musk, Jeff Bezos and Barack Obama.

So a scam in the form of a tweet from a hacked account saying "You send $1,000, I send you back $2,000" is bound to earn financial dividends that far surpass a ransomware attack.

Following the July fiasco, Twitter revealed that it had traced the cause of the incident to a “coordinated social engineering attack” on employees with access to internal systems and tools. It said as many as 130 accounts could have been targeted by the attackers in some way, and that in response to the incident it had taken significant steps to limit access to internal systems and tools.

When it comes to cybercrime perpetration on Twitter, the sky is quite literally the limit for folks on the dark side of the web. On Aug. 30 last year, The New York Times revealed that  hacker group Chuckling Squad took over Twitter CEO Jack Dorsey's account and posted a statement declaring the company's San Francisco headquarters would be bombed, in addition to a string of racist posts.

The attack was attributed to a "security oversight" by Dorsey's mobile provider that made it possible for an unauthorized person to send messages and tweets from Dorsey's mobile number.

How to deal with a suspected compromised account

There are some easy steps to take to avoid following in Modi's or Dorsey's footsteps. Twitter support highlights several signs of a compromised account – for instance: seeing unexpected tweets, unintended direct messages, strange account behaviour (following/blocking), a notification stating changes in account information, or an ‘incorrect password’ prompt.

If a user has experienced any one of these symptoms, Twitter advises a set of steps users must follow:

  1. Password change: For users who are still able to login with their credentials, Twitter recommends changing the password immediately. For those unable to access their accounts, an email can be requested from the password reset form.

  2. Check email address: Users must ensure that the email address associated with the account is secure and can be accessed by no one else.

  3. Connections to third-party applications: Twitter recommends revoking connections to unrecognized or unfamiliar third-party applications. Additionally, for those using TweetDeck, it is recommended to remove users that members do not recognize.

  4. Update passwords on trusted third-party applications: A common vulnerability stems from sharing the username and password with a malicious third-party application or website. Twitter advises users to update their passwords on applications they intend to use.

  5. Two-factor authentication: No different from digital payments and e-commerce companies in India, Twitter has the provision of adding an extra layer of security with two-factor authentication.

To enable two-factor authentication, users can access ‘Account Settings’ and choose ‘Security’ – this gives them three options to choose from: Text message, authentication app, or security key. Users can link their authentication app to their Twitter accounts by scanning a QR code.

Copyright © 2020 IDG Communications, Inc.

How to choose a SIEM solution: 11 key features and considerations