13 Jun 2019
How was Big B's Twitter account hacked: All details here
The attacks occurred one after the other and were claimed to have been carried out by a group named "Ayyildiz Tim Turkish Cyber Army".
Now, in a major development, security researchers have revealed how the group broke into their accounts.
Here's all about their technique.
Phishing via DMs likely to be the reason
Speaking to IANS, Sanjay Katkar, the CTO of security company Quick Heal Technologies, claimed that the attackers appear to be phishing users via Twitter direct messages.
As part of this, they create fake pages and send the links to those seemingly legit pages to celebs/others in order to trick them into giving away their details.
Notably, this was not the first attack from this group
While Big B and Adnan Sami's accounts have been restored, these were not the first high-profile hacks to have been carried out by "Ayyildiz Tim Turkish Cyber Army".
Previously, they had breached accounts of Divya Dutta and Daler Mehndi as well as those of BMW India and Eros Now.
A researcher had even identified a Twitter user who may be associated with the group.
Here's the tweet from the researcher
How to avoid attacks like this
Though phishing is not the only way Twitter accounts could be compromised, Katkar says attacks like this can be prevented.
First of all, you should not open messages or links sent by unknown parties in Twitter DM.
Secondly, most services, including Twitter, have two-factor authentication, which can easily block third-parties from logging into your account; turn this feature on for your account.
And, then they get access to login credentials
"If the user fills the login credentials on this page, his login information is gone to the hackers who later use it to login and change the original password and take control of the account," Katkar added in the statement.