A number of Twitter accounts, including those of major brands and institutions, are getting hijacked right now. Everyone from Duke University to major fast-food outlets to Nike Spain is getting hacked with a swastika and a reference to April 16, a date when a referendum will be held in Turkey to give President Erdogan more power.
People walk past a large banner showing the portrait of Turkish President Recep Tayyip Erdogan in Taksim Square on 13 March 2017 in Istanbul, Turkey (Photo by Chris McGrath/Getty Images)
Screenshot of Duke University’s official Twitter account after it was hacked earlier tonight (Twitter)
The tweets are in Turkish and include the words “Nazi Germany” and “Nazi Holland”, presumably in reference to the elections in the Netherlands and the recent diplomatic conflicts between Turkey and the Netherlands. The hackers are posting a link to a YouTube video and the Twitter account sebomubu.
As Rob Lopez has pointed out on Twitter, the attack appears to be coming through a vulnerability in the third-party app called Twitter Counter. So if you’ve ever used that service, you should go to “Settings and Privacy” and click on the “Apps” section. There you’ll be able to revoke Twitter Counter’s third-party access to your account. And you may as well revoke third-party access for everything else until we confirm every service that’s currently vulnerable.
Some accounts which had been hacked earlier, like Forbes, appear to have regained access to their accounts. But they still appear to be in the process of getting fully restored. Forbes, for instance, currently has an egg avatar.
Screenshot of Forbes’ official Twitter account after it had been presumably restored to its owners (Twitter)
The hack is incredibly widespread, affecting verified accounts like Amnesty International, some celebrities, and soccer stars.
Screenshot of Amnesty International’s official Twitter account after it was hacked earlier tonight (Twitter)
It was an incredibly bad week for Dutch-Turkish relations. Turkish voters go to the polls next month on April 16 to decide whether President Erdogan should be given more powers. In the lead-up to this vote, Turkish diplomats in the Netherlands had been speaking at Dutch rallies to Turkish expats in support of the referendum. But Dutch officials prevented the Turkish ministers from speaking, causing a dust-up between the two countries.
“The Turkish community and our citizens were subject to bad treatment, with inhumane and humiliating methods used in disproportionate intervention against people exercising their right to peaceful assembly,” a statement from Turkey said of the situation in the Netherlands.
Screenshot of Starbucks Argentina’s official Twitter account after it was hacked earlier tonight (Twitter)
Even where some of the tweets have been deleted, the banner image of the Turkish flag sometimes remains, like on the account for Starbucks Argentina.
It’s not yet clear whether the Turkish hackers are connected to any state entities or if this is the work of independent Erdogan supporters.
Gizmodo reached out to Twitter, which sent us this statement:
We are aware of an issue affecting a number of account holders this morning. Our teams are working at pace and taking direct action on this issue. We quickly located the source which was limited to a third party app. We removed its permissions immediately. No additional accounts are impacted. Advice on keeping your account secure can be found here.
The third-party app The Counter has acknowledged in a tweet that it was hacked: “We’re aware that our service was hacked and have started an investigation into the matter. We’ve already taken measures to contain such abuse.”
We're aware that our service was hacked and have started an investigation into the matter. We've already taken measures to contain such abuse — TheCounter (@thecounter) March 15, 2017
One thing is important to note – we do not store users’ Twitter account credentials (passwords) nor credit card information. — TheCounter (@thecounter) March 15, 2017
Assuming this abuse is indeed done using our system, we’ve blocked all ability to post tweets and changed our Twitter app key. — TheCounter (@thecounter) March 15, 2017