Hackers aligned with the Islamic State are hijacking dormant Twitter accounts to spread jihadist propaganda online. Is your account vulnerable to ISIS?
TechCrunch reports that the breach is the result of a well-known loophole in Twitter’s security protocols. For more than a decade, the platform did not require email confirmation for new accounts. As a result, an unknown number of dormant accounts are easy targets for hackers. Last June, in attempt the curb the growth of automated spam accounts on the platform, Twitter instituted mandatory email confirmation for all new accounts, but millions of older accounts remain unverified. Now, it appears that those accounts are being targeted by the Islamic State and its supporters.
To complicate matters, Twitter is only partly to blame.
According to the Washington Post, Twitters boasted more than 330 million monthly active users in the second quarter of 2018, but the platform is home to another 500 million dead or dormant accounts, and many of those dormant accounts were created using email addresses that no longer exist.
Popular email providers like Hotmail and Yahoo regularly delete and recycle dormant accounts after a period of just 12-18 months of inactivity. If your Twitter account was created using an email address that has been recycled, then an enterprising hacker only needs to reactivate your old email address to gain access to your username.
Enter Islamic State.
Also known as IS or ISIS, Islamic State is a terrorist organization that uses revenue from oil smuggling, extortion, and kidnappings to fund religious violence. From 2014 to 2018, Islamic State conducted or inspired more than 140 terrorist attacks in 29 countries.
Since its inception, ISIS has used social media platforms including Twitter and YouTube to recruit new members and promote sectarian violence. In 2014, IS announced the death of American journalist and hostage James Foley by releasing a video of Foley’s beheading on YouTube. Two years later, an account associated with IS reportedly used the hashtag #JustinBieber to troll the pop star’s fans with a graphic video that included scenes of four men being executed.
Twitter has suspended or deleted more than 1 million terrorist accounts since 2015, and more than 200,000 of those accounts were removed in the first half of 2018 alone. So should you be worried about the security of your Twitter handles? That all depends on whether or not your accounts are linked to an active email address.
Log on. Check your setting. Delete any accounts that are linked to dead email addresses.