Wikipedia co-founder Jimmy Wales’ Twitter account hijacked

library
crime | hacking | security

Wikipedia co-founder Jimmy Wales has joined the celebrity list nobody wants to be on, the list of hijacked Twitter accounts.

On Saturday, his verified account tweeted out a rather premature message about Wales’ demise: “RIP Jimmy Wales, 1966 – 2016.”

Within the hour, as people started to wonder about Wales’ whereabouts and whether they should take the message seriously, the hijacked account followed with a new tweet that read…

I confirm that Wikipedia is all lies, OurMine Team is the true

… along with a link to a website displaying the group’s logo and an ad for social media security services.

Wales regained access to his account later on Saturday, and the tweets were deleted.

But according to Mashable, in addition to the fake messages-cum-marketing, Wales’ Twitter bio had been changed to read “hacked by OurMine.”

This isn’t the first we’ve heard of OurMine. In June, somebody or somebodies going by that name hijacked the Twitter and Pinterest feeds of Mr. Social Media himself, Mark Zuckerberg.

Whoever OurMine is, they boasted about allegedly having found Zuck’s password – the worryingly simple “dadada” – by sifting through the recent password dump of stolen LinkedIn accounts.

As Quartz reports, nobody in the hacking world seems to like OurMine, which relishes hacking high-profile accounts at random, boasting about the attacks, and asking followers for future targets.

It’s been connected to hijackings of Twitter feeds belonging to Twitter co-founder Evan Williams, Google CEO Sundar Pichai and Twitter co-founder and CEO Jack Dorsey.

Other high-profile users who’ve seen their Twitter accounts whisked out from under their noses, not necessarily by OurMine, include Sarah Silverman, NASA (those weren’t your typical moon shots!), Tesla and Elon Musk (with the hijackers offering free cars), a teacher who unwittingly got turned into a porn star, Twitter CFO Anthony Noto, and Black Lives Matter activist DeRay Mckesson, whom the account kidnappers turned into a Donald Trump supporter, to name just a few.

Twitter’s ongoing war to clean up its dark underbelly

Besides account hijackings, Twitter has an abuse and troll problem, and it’s been going on for quite a while.

In February 2015, then-CEO Dick Costolo admitted that Twitter “sucked” at dealing with abuse and trolls.

The company’s done a lot of work to clean up its act, and the work continues. Last week, it said that it had taken down 235,000 terrorist accounts, for one thing.

It also announced that it was rolling out two new features to “give you more control over what you see and who you interact with on Twitter.”

According to Twitter product manager Emil Leong, a new “quality filter” can improve the quality of tweets you see “by using a variety of signals, such as account origin and behavior.”

Also, new notifications settings now give users the ability to limit notifications to only people they follow on mobile and on Twitter.

In a blog post, Leong said that starting last Thursday, the new, optional Quality Filter will sift out lower-quality content, like duplicate tweets or content that appears to be automated, from notifications and other parts of Twitter.

How do attackers get our Twitter accounts?

As far as the hijackings are concerned, there are many ways that these accounts could have been taken over. Likely suspects include:

Password reuse. This is why we urge you not to reuse passwords on different sites: if one of those sites gets breached, crooks can use the same login to get into wherever else you’ve used it. They can get into your social media accounts to embarrass you, get access to your contacts, commit identity theft, and drain your banking accounts, while they’re at it.

It’s really a bad idea to use a password twice, and here’s why.

Willy-nilly clicking on links in email is another way to get into trouble. Phishing might sound old-school, but some of the true classics are still extremely successful. In fact, a study from Google and the University of California, San Diego, found that there are some phishing sites that are so convincing, they work on an eye-popping 45% of visitors.

Bad password etiquette. Perhaps a staffer gave the password away to someone, or maybe it was the name of somebody’s pet?

How to protect against account hijacking

Enable multifactor authentication – what Twitter refers to as login verification – should help defend against account hijackings. If you haven’t yet set it up for your Twitter account, why not do it today?