TechSpot means tech analysis and advice you can trust. Read our ethics statement.
Twitter has just experienced a massive hack affecting hundreds of accounts, including high-profile ones from the likes of Amnesty International, Forbes, Unicef USA, and BBC North America. The attackers appear to be supporting Turkish President Recep Tayyip Erdogan, who recently compared Dutch and German officials to Nazis.
The hackers posted a number of messages in Turkish that read: "卐 #NaziGermany?#NaziNetherlands, a little?#OTTOMAN SLAP for you, see you on #April16th," a reference to the date of Turkey's referendum that could see its president handed more power. They also include a link to a pro-Erdogan YouTube video.
Reuters reports that accounts belonging to CEOs, publishers, government agencies, politicians and some regular Twitter users were compromised.
The hackers gained access using third-party analytics firm Twitter Counter, which can send new tweets from the accounts of people who sign up to the service. This is the second time it's been compromised; in November last year, Twitter Counter was used to send spam tweets from various accounts, including PlayStation, The New Yorker, and Viacom.
The company has confirmed it was hacked and is starting an investigation into the matter. It has changed its Twitter app key and is currently not allowing any tweets to be posted through it. Twitter Counter confirmed it does not store its users' passwords or credit card information.
We're aware that our service was hacked and have started an investigation into the matter.We've already taken measures to contain such abuse--- TheCounter (@thecounter) March 15, 2017
Twitter gave the following statement regarding the incident.
We are aware of an issue affecting a number of account holders this morning. Our teams are working at pace and taking direct action on this issue. We quickly located the source which was limited to a third-party app. We removed its permissions immediately. No additional accounts are impacted. Advice on keeping your account secure can be found here.