When I’m assessing a new or updated antivirus product, the periodical reports from antivirus testing agencies throughout the world are quite helpful. Receiving an email from the labs leadership team is not surprising for me because I am familiar with all the key people, but one recent email contained an unusual request. The CEO and co-founder of AV-Test Institute (Opens in a new window) , Andreas Marx, inquired about my insider connections at Twitter. It turned out that the primary Twitter account for the AV-Test Institute, @avtestorg (Opens in a new window) , had been hijacked, and his requests for assistance on Twitter were going ignored.

How could this occur at a business that has been in the security sector for more than 15 years? Speaking with Marx and AV-other Test’s CEO and technical director Maik Morgenstern, I discovered that even when you take every precaution, you may still fall victim to hacking. Rather than offering assistance to AV-Tests’ business and its clients, the AV-Test account is still posting and retweeting random NFT spam as of this writing.

” alt=”Password change warning in Russian”>

Since I am German and have been using Twitter in German for the past ten years, it seems to me that the default language was changed first.

To my astonishment, the account’s new email address was partially obscured and I could see the statement saying only the new address needed to be confirmed. As a result, Twitter doesn’t even inquire about consent for changing the account’s email address.

Which methods did you try to regain access? We got in touch with Twitter support right away and created a case called “Regain access – Hacked or compromised,” giving all the information necessary to regain control of our account. We submitted a second case when nothing occurred after two days, with the same outcome thus far: nothing.

What does Twitter advise in this situation? Twitter advises you to get in touch with them through the “ Im having problems with account access (Opens in a new window) ” website.

What did Twitter have to say? So far, Twitter has not responded to either the website’s initial report or a second request made two days later. Additionally, we attempted to email Twitter and contact them using @TwitterSupport.

The answer “no” is not totally accurate. I just got a message from a robot asking for my opinion on Twitter. It ought to barely require two minutes! but that comes from a different source.

What did this experience teach you? I must admit that I continue to feel completely lost. There hasn’t been any response after more than a week. As the changes to the account and the postings are quite unusual, I actually anticipated a response from Twitter after my reports. The account should have at the very least been temporarily disabled for further investigation. The account is still active, and since we don’t have access to it, the malicious parties may still be using it.

Any suggestions on how others might safeguard their Twitter accounts? We attempted to secure the account by using a strong password and 2FA (two-factor authentication), but it appears that these measures were insufficient. The majority of the security mechanisms may be disabled since the attacker was already logged in when they took control of an active session rather than stealing the password. Why updating the email account wouldn’t result in a 2FA request is still a mystery to me. Other social networks handle this far better than Twitter does, so that’s obviously a shortcoming of Twitter.

Image with the alt text “How to Protect Your Smart Home From Hackers”
Alt text for article images

My strong advice is actually for Twitter, not for other people. ” alt=”Article picture”> Please make sure the person currently using this email address approves the transfer before altering the email address associated with an account. To prevent the account from being easily taken over, many other websites and social media platforms need 2FA in the form of a confirmation link or code before the account may be transferred.

And Twitter, will you kindly reply to messages?

HOW CAN YOU GUARANTEE YOUR OWN ACCOUNTS ARE SAFE? You could assume that you’re out of luck if even the specialists can’t stop an account takeover. Actually, there are a lot of things you can do to keep your Twitter account and other crucial accounts secure. start with the fundamentals. Purchase a password manager if you don’t already have one. Make use of it to create new, random passwords for your sensitive accounts. You won’t have to worry because the password manager will remember them.

Multi-factor authentication may have been avoided by the hackers in this case, but it doesn’t mean it isn’t still useful. It is far more difficult for someone to break into your important accounts when you use multi-factor authentication. It’s likely that a random hacker will pass over your account in favor of something simpler, like one with a simple password and no additional authentication.

SHARE
TWEET

You may also like