Hackers could be taking DM route to hijack your Twitter accounts, say experts
Cyber security experts recommend users with large number of followers to switch on the two-factor authentication for their account.
With the Twitter accounts of megastar Amitabh Bachchan and singer Adnan Sami getting hacked, security researchers have warned that users should think twice before clicking on the links received in the Twitter Direct Message (DMs).
While Bachchan's Twitter account was hacked late on Monday, the hackers took control of Sami's Twitter account on Tuesday.
A group that goes by the name "Ayyildiz Tim Turkish Cyber Army" claimed responsibility for hacking both the high-profile accounts.
"Their modus operandi looks like they sending DM (Twitter Direct Message) to the victims Twitter account and if the victim opens the DM (direct message) he/she is directed to a phishing page which looks like a genuine page," Sanjay Katkar, Joint Managing Director and Chief Technology Officer, Quick Heal Technologies Ltd. told IANS.
"If the user fills the login credentials on this page his login information is gone to the hackers who later use it to login and change the original password and take control of the account," he said, adding that there are even other ways a Twitter account can get compromised.
Users with large number of followers should switch on the two-factor authentication for their account, Katkar said.
French security researcher who uses the pseudonym Elliot Alderson pointed to a user who goes by the name Kerem Sah Noyan on Twitter and uses the handle @NoyanAyt2002 as the person behind the hack.
"Few hours ago, the account of @SrBachchan with his 37.4M followers has been hacked. There is a high probability that the hacker is @NoyanAyt2002," Alderson tweeted.
"Guess who is the last person followed by @SrBachchan? Obviously @NoyanAyt2002," he added.
"To sum up: The hacker of @SrBachchan's account is @NoyanAyt2002. He is part of team called "Turkish Cyber Army Ayyildiz Tim". He hacked at least 8 "big" Twitter accounts before that including @dalermehndi, @divyadutta25, @ErosNow, @bmwindia, @dalermehndi, @yanisvaroufakis," Alderson added.
Twitter only contacts users in-app or via an email sent from an @twitter.com email address. The platform never ask users to provide their password via email, Direct Message, or reply.
"All the social media services (Twitter/Instagram/Facebook etc,) have the security and privacy feature of two factor authentication. This will make it difficult for hacker to take control of your social media account," Katkar said.
"I will also recommend everyone to go and read/check/understand all the settings under security and privacy of your social media account. It has lot of features to keep your account safe," he added.