Reality Winner’s Twitter Account Was Hacked To Target Journalists

The Twitter account of former intelligence specialist Reality Winner was hacked over the weekend by threat actors looking to target journalists at prominent media organisations. The hackers took over Winner’s verified Twitter account and changed the profile name to “Feedback Team” to impersonate Twitter staff before sending out suspicious DMs to verified users.

3 Expert Comments
Javvad Malik, Security Awareness Advocate
InfoSec Expert
March 2, 2022 12:41 pm

Social media accounts, especially popular accounts with large followings, are increasingly targeted by criminals. Once an account is taken over either by virtue of weak passwords, password reuse, or through social engineering attacks, then those compromised accounts can be used to launch a broad range of attacks against its followers.

We’ve seen Twitter accounts in the past compromised to peddle cryptocurrency scams, or even further back when the Associated Press account was compromised in 2013 and posted fake news of an explosion at the White House which caused stock market prices to tumble.

Just as people have to take great care to protect their email accounts, social media accounts should be protected with the same vigour. This includes choosing strong, unique passwords, enabling multi-factor authentication, and being wary of phishing or other social engineering attacks which may try to steal your credentials.

Chris Hauk, Consumer Privacy Champion
InfoSec Expert
March 2, 2022 12:40 pm

We can expect to see an escalation of attacks like these, as threat actors will continue to increase the threat against journalists, security experts, and other publicly-attractive targets. Users need to secure their accounts using Two-Factor Authentication, while also being very careful as to what links or attachments they click on or open. Never click on a link to go directly to a website. Instead, right-click the link and copy it. Open a text editor and paste the link in the editor, so that you may better see where the link goes. Also, use a malicious URL scanner to check the link, using a site such as is found here: https://www.ipqualityscore.com/threat-feeds/malicious-url-scanner.

Paul Bischoff, Privacy Advocate
InfoSec Expert
March 2, 2022 12:39 pm

What I find notable is that the hackers didn’t impersonate Reality Winner. They changed the account to impersonate Twitter support staff. So this attack could have been pulled off by hacking any popular Twitter account. It also shows that this was not a targeted attack on a specific person or small group of people (such as Reality Winner’s personal contacts), and instead was intended to target as many people as possible. Messages from hacked accounts are much more difficult to defend against than other inauthentic accounts. A hacked account already has friends and followers that others will presume is legitimate. Victims are much more likely to respond to messages and take action on behalf of the attacker when using a hacked account.
