What’s more, thanks to their knowledge of how Twitter’s account recovery and recycling processes work, the hackers are managing to lock the victims out of their accounts and keep them out.
The attack has been dubbed the ‘Doubleswitch’, and it was first reported by digital rights group Access Now.
It says hackers have targeted the accounts of journalists, activists and human rights defenders in Venezuela, Bahrain and Myanmar, some of which were verified and “had a large following”.
After hacking them, Access Now says the attackers “updated the account information by changing the password and the associated email address, locking out the legitimate user.”
They then changed the accounts’ usernames and, crucially, took advantage of an option that enables Twitter to recycle unwanted usernames.
“After changing the credentials of the accounts, the hijackers registered Twitter accounts using the original usernames, which were now freely available, and connected the accounts to a new email address,” says the group.
“When these victims attempted to recover their accounts, Twitter’s confirmation emails went to the hijackers, who pretended that the issue had been resolved. The hijackers then proceeded to delete one of the original accounts, making it even harder for the victim to recover it.”
Journalist Milagros Socorro and Miguel Pizarro, a member of Venezuela’s parliament, were both hacked using this method.
With help from Twitter, their accounts were eventually recovered, but not before the hackers had started spreading fake news through them and deleting past tweets, confusing followers and damaging their reputations in the process.
Access Now says Doubleswitch attacks can also be carried out on Facebook and Instagram, but says users can protect themselves by enabling multi-factor authentication.
More about: #cybersecurity #Twitter
