Thousands of Twitter accounts, including high profile ones belonging to celebrities and media outlets were hacked on Wednesday, and branded with the Turkish flag and messages being sent out in Turkish.
Some of the high profile accounts affected are Forbes, Amnesty International, the BBC’s North American service, and pop star Justin Bieber.
The compromised Twitter accounts which were attacked through their use of a popular third-party analytics service, Twitter Counter, tweeted propaganda related to Turkey’s escalating diplomatic conflict with Germany and the Netherlands.
One tweet appears to show a swastika – a symbol adopted by Adolf Hitler and the Nazis in Germany. There were also two hashtags, which when translated means Nazi Germany and Nazi Holland. The tweet appears to be in favor of Turkish President Recep Tayyip Erdogan.
The tweet links to a video of Erdogan. It also mentions the date of April 16, which is when Turkey will hold a referendum seeking to give more power to the President.
According to global reports, the tweets showed that a large number of Twitter accounts were hacked with the same message being posted.
A search for the hashtags in the message – #Nazialmanya and #Nazihollanda in the original Turkish – returned thousands of results, indicating widespread success on the part of the hackers. The attackers also changed profile pictures and header images for some more high-profile targets, changing the main image to a Turkish flag and the profile picture to a Turkish-style coat of arms.
Twitter Counter, the company at the heart of the mass breach, based in Amsterdam has said they are aware of the situation and have started an investigation into the matter.
The company’s chief executive said: “Before any definite findings, we’ve already taken measures to contain such abuse of our users’ accounts, assuming it is indeed done using our system – both blocking all ability to post tweets using our system and changing our Twitter app key.
“One thing is important to note – we do not store users’ Twitter account credentials (passwords) nor credit card information. The abuse risk is limited to posting or following on Twitter and as I’ve mentioned – the first part is already contained.”
In a statement, Twitter said that it was “aware of an issue affecting a number account holders this morning. Our teams are working at pace and taking direct action on this issue. We quickly located the source which was limited to a third party app. We removed its permissions immediately. No additional accounts are impacted.”
However, these hackings may not have been targeted purely for political symoblism, as this is not the first time Twitter Counter has been hacked. It was hacked in November 2016, resulting in some accounts including Playstation, The New Yorker and Viacom sending spam tweets.
Twitter users can see which services they have granted permissions to on the Twitter website, and removing permissions granted to apps and services they no longer use can help limit damage in the case of future hacks.