London: In a bid to highlight security flaws in Twitter, Britain-based Insinia Security temporarily hijacked several celebrity and journalist accounts active on the micro-blogging site.
According to a report in The Telegraph, messages appeared on several celebrity and journalist accounts on Thursday with the words: “This account has been temporarily hijacked by INSINIA SECURITY.”
To take control of the accounts, the researchers at the company used fake SMS verification that made it appear as if they belonged to the account owners, said the report.
Insinia said it successfully hijacked the accounts of a number of celebrities, including Eamonn Holmes, Louis Theroux, Simon Calder and Saira Khan among others.
A simple method allowed it to send tweets, direct messages, retweet and like tweets, follow and unfollow people, according to the company which warned that the vulnerability could be easily exploited by nation states, hackers and organised crime groups.
The vulnerability could be used to “spread fake news and disinformation via influential celebrities and journalists”, Insinia warned in a blog post.
While Twitter has not yet officially reacted to the threat, Insinia recommended that users should meanwhile remove their phone number from the Twitter account.
“Twitter should completely remove this functionality (SMS verification) as users rely on their phone added to account for two-factor authentication,” Insinia said.