On Monday, members of the Syrian Electronic Army hacktivist group took control of The Onion’s Twitter account. Posing as the site’s writers, the SEA posted several jokes about Israel and the civil war in Syria.
(For clarification, SEA is a pro-Assad organization.)
According to sources at The Onion, the SEA targeted Onion staff with a phishing email. The email included a link whose visible text appeared to point to the Washington Post but which actually led to a compromised website hosting a fake Google Apps login page. Two employees fell for the ruse, handing the SEA their email credentials. From those now-trusted internal addresses, the SEA launched a second round of phishing and ultimately obtained access to the Twitter account.
According to The Onion:
Coming from a trusted address, many staff members clicked the link, but most refrained from entering their login credentials. Two staff members did enter their credentials, one of whom had access to all our social media accounts.
Immediately after discovering the breach, The Onion’s tech team emailed staff directing them to change their passwords. The attackers piggybacked on that notice: a third phishing email, sent from an already-compromised internal account, linked to a fake password-reset page. This last attack yielded two more sets of credentials, allowing the SEA to keep control of the Twitter account for an extended period.
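Both lures above share one trait: the link looked like one site but resolved to another. The check below, an added example that is not part of the original article or The Onion’s own tooling, parses an HTML email body and flags anchors whose visible text names a host that does not match the host in the href. The email body, hostnames (`hacked-site.example`) and paths are constructed for illustration.

```python
"""Flag HTML e-mail links whose visible text claims one host but whose
href actually points at another (the "looks like washingtonpost.com,
goes to a compromised site" lure). Example code, not from the article.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Visible text counts as "claiming a host" only if it looks like a URL or
# bare domain; plain text such as "Reset your password" claims nothing.
_URLISH = re.compile(
    r"^(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:[/:?#].*)?$", re.I
)


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:  # only text inside an open <a>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def claimed_host(text):
    """Host the visible link text appears to name, or None if not URL-like."""
    text = text.strip()
    if not _URLISH.match(text):
        return None
    if "://" not in text:
        text = "http://" + text
    return urlparse(text).hostname


def site_of(host):
    """Collapse a host to its last two labels (www.x.com -> x.com).
    Simplification: real code should use a public-suffix list so that
    hosts under ccTLDs such as .co.uk compare correctly."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def find_deceptive_links(html_body):
    """Return anchors whose shown host and actual href host differ."""
    parser = _AnchorCollector()
    parser.feed(html_body)
    parser.close()
    hits = []
    for href, text in parser.anchors:
        shown = claimed_host(text)
        if shown is None:
            continue  # no host claimed in the text; nothing to compare
        actual = urlparse(href).hostname
        if actual is None or site_of(actual) != site_of(shown):
            hits.append({
                "text": text,
                "href": href,
                "shown": site_of(shown),
                "actual": site_of(actual) if actual else None,
            })
    return hits


# Constructed sample e-mail body: one deceptive link, one honest link,
# and one plain-text link that this heuristic deliberately ignores.
SAMPLE_EMAIL = """
<p>Thought you'd like this:
<a href="http://hacked-site.example/wp-content/login/">http://www.washingtonpost.com/world/</a></p>
<p>Also worth a read:
<a href="https://www.washingtonpost.com/politics/">https://www.washingtonpost.com/politics/</a></p>
<p><a href="https://accounts.google.com/">Reset your password</a></p>
"""

if __name__ == "__main__":
    for hit in find_deceptive_links(SAMPLE_EMAIL):
        print(f"text says {hit['shown']!r} but href goes to {hit['actual']!r}: {hit['href']}")
```

The third lure in the article, a "change your password" message linking to a fake reset page, would not be caught by this check, because its link text names no host. That case is a reminder that display-text checks only cover one class of lure; sender authentication and, as the article notes, a second authentication factor on the account itself are what limit the damage from the rest.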
It seems there couldn’t be a better time for Twitter to move to two-factor authentication — something the company is already working towards.