Insinia Security hacks celebrity Twitter accounts to expose flaws


London, Dec 28 (IANS): In a bid to highlight security flaws in Twitter, Britain-based Insinia Security temporarily hijacked several celebrity and journalist accounts active on the micro-blogging site.

According to a report in The Telegraph, messages appeared on several celebrity and journalist accounts on Thursday with the words: "This account has been temporarily hijacked by INSINIA SECURITY."

To take control of the accounts, the researchers at the company used fake SMS verification that made it appear as if they belonged to the account owners, said the report.

Insinia said it successfully hijacked the accounts of a number of celebrities, including Eamonn Holmes, Louis Theroux, Simon Calder and Saira Khan among others.

A simple method allowed it to send tweets, direct messages, retweet and like tweets, follow and unfollow people, according to the company which warned that the vulnerability could be easily exploited by nation states, hackers and organised crime groups.

The vulnerability could be used to "spread fake news and disinformation via influential celebrities and journalists", Insinia warned in a blog post.

While Twitter has not yet officially reacted to the threat, Insinia recommended that users should meanwhile remove their phone number from the Twitter account.

"Twitter should completely remove this functionality (SMS verification) as users rely on their phone added to account for two-factor authentication," Insinia said.

  

Top Stories


Leave a Comment

Title: Insinia Security hacks celebrity Twitter accounts to expose flaws



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.