Hackers supporting ISIS have recently been spreading terrorist propaganda on social media by hijacking old, largely abandoned Twitter accounts that were never confirmed via email by their rightful owners, TechCrunch reported on Wednesday.
Generally, the impacted accounts were inactive for long periods of time before they were taken over. Reportedly, many were compromised over the last few days and weeks, while some others have been affected for longer periods of time.
The problem is that some Twitter accounts were created using email addresses that either never truly existed or expired. This allows hackers to commandeer the account by actually creating or recreating the email address that was used to open it in the first place. "This issue has been around for a while but no one really knew and took advantage of it," said hacker, security researcher and ISIS watchdog WauchulaGhost, TechCrunch reported.
Reportedly, Twitter has suspended most of the offending accounts that were brought to its attention, although some remain active and continue to display tweets and retweets that display pro-ISIS propaganda. "Reusing email addresses in this manner is not a new issue for Twitter or other online services," a Twitter spokesperson reportedly told TechCrunch. "For our part, our teams are aware and are working to identify solutions that can help keep Twitter accounts safe and secure."
