Twitter has a security problem — and businesses are paying the price for it.
The official Twitter account of Indian airline IndiGo has been hit with a breach. The verified account, which previously had over 100,000 followers and several hundred thousands of tweets, now appears to be in possession of a user who goes by the handle @activevibezzz1.
Image: screengrab/twitter
Earlier Tuesday morning, IndiGo’s Twitter handle was changed to “activevibezzz1”. Twitter allows users — including businesses — to change their username. As part of the transition, all existing followers of IndiGo airline are now unwittingly also following the compromised account. The compromised account posted a few mysterious tweets Tuesday.
Twitter has removed the verification mark from the account, as it does for a brief time when a verified user’s handle is changed. In such cases, as part of its policy, Twitter requires the user to provide their documents again to ensure that the account is still in the right hands.
Much to IndiGo’s horror, its original Twitter handle — @IndiGo6e — which became available after the unfortunate christening this morning, has been claimed by another person.
It’s a complex situation for both Twitter and IndiGo and it will be interesting to see how they manage to get things sorted. Mashable India has reached out to both the companies for comment.
On Tuesday, IndiGo took to Facebook to confirm that its Twitter account has been compromised, urging its puzzled customers to use Mark Zuckerberg’s platform instead of Jack Dorsey’s for sharing grievances.
According to media reports, this is the second time IndiGo’s Twitter account has been compromised in the past one week. On Jan. 26., too the airline company had confirmed that its Twitter account has been hacked, hours after reportedly posting some offensive tweets.
IndiGo’s twitter account hacked for the second time in six days. Airline claims its account was accessed on Jan 26 from Texas, US.
— Somesh Jha (@someshjha7) January 31, 2017
The new breach is just one of the dozens of incidents of high-profile Twitter accounts being compromised in the past few weeks. Over the weekend, hacker group OurMine hacked several of WWE’s accounts.
Though Twitter offers two-step authentication for users, it appears to be struggling with coming up with a solution for business users.
This begs the question: why are so many accounts keep getting hacked on Twitter? The decade-old microblogging platform, which has been increasingly positioning itself as a news platform, appears to be severely struggling with providing a subset of its users with a full-proof security defense.
Though Twitter offers two-step authentication for users, it is seemingly struggling with coming up with a solution for business users. Several businesses — including very likely IndiGo as well — have more than one person handling the social account. In such cases, it is not as convenient for them to use two-step authentication. But that might not be the only issue.
A hacker group, which identified itself as Legion, late last year stirred panic among high-profile Indians after hacking the Twitter accounts belonging to Rahul Gandhi, the heir of the Indian National Congress Party, Congress Party, Indian typhoon Vijay Mallya, and journalists Barkha Dutt and Ravish Kumar. Speaking to Mashable India, the group claimed that it has a bypass for Twitter’s two-factor authentication as well.
Speaking to Mashable India over the past two days, OurMine confirmed that it had hit accounts affiliated with WWE, as well as several of news outlet CNN’s Facebook accounts by targeting the social media manager account, which it claimed was linked to all the other social accounts.
Putting all the blame on Twitter will not be fair, however. Leaked screenshots last week revealed that even Donald Trump’s official @POTUS Twitter handle was using a basic Gmail account without two-step authentication.
WauchulaGhost, a hacker with a history of hijacking ISIS-linked Twitter accounts, last week warned of potential security vulnerabilities of notable Trump-tied handles as well, including those of the President, First Lady and VP.
Regardless, Twitter already has enough things to worry about, and perhaps it could do without losing big names because of hack concerns.
