Followers were asked through a number of tweets to donate cryptocurrency to a relief fund supposedly set up by Modi’s office.
Twitter reported being aware of the activity and set about putting precautions in place to secure the account.
This is the most recent high-profile Twitter breach, following similar attacks in July targeting US presidential candidate Joe Biden and Tesla’s Elon Musk.
The account is Prime Minister Modi’s official Twitter handle, which boasts 2.5m followers.
“While this does match a similar pattern from the last round of hacks asking for cryptocurrency, this appears to be an isolated incident and to an account with far fewer followers than PM Modi’s personal account,” explained Chad Anderson, senior security researcher at DomainTools. “As Twitter has higher security for certain accounts of leaders, celebrities, and higher follower count I would assume that this was a simple password reset attack or other targeted attack against the compromised account.”
The following cybersecurity experts have had their say:
Javvad Malik, security awareness advocate at KnowBe4:
“Social media accounts, particularly those with large influence, are among the most valuable digital assets around. If criminals gain access to them, they can not only perpetrate fraud, such as asking unsuspecting followers to pay cryptocurrency under false pretences – but they can spread disinformation, lies, or social engineer others via private messages.
It’s therefore vitally important that organisations, vendors, and users take all steps necessary to protect their social media accounts. For users, this includes, but is not limited to, ensuring passwords are strong and not reused and enabling MFA where it is available. Additionally, users of social media accounts should be wary of links sent to them, or messages which are unexpected or appear out of the ordinary. Remaining vigilant online at all times is essential to help prevent being a victim of online scams, fraud, and even corporate espionage.”
Hank Schless, senior manager for security solutions at mobile security specialists Lookout:
“It’s critical to train your employees on how to spot mobile phishing attempts. Your employees are the first line of defense against a phishing-related breach. Most people understand how to spot phishing attempts sent to a computer via email, but that all goes out the window on mobile devices. This attack is an example of Account Takeover (ATO), which is a common tactic malicious actors use to gain access to personal and corporate accounts.”