Indian PM Modi's Twitter Account Compromised - Again

Tweet Announcing Bitcoins for Citizens Deleted; Account 'Secured'
Fake tweet posted to Indian Prime Minister Narendra Modi's compromised account

The Twitter handle of Indian Prime Minister Narendra Modi was "briefly compromised," the Prime Minister's Office announced on Sunday. The Parag Agrawal-led social media platform "immediately secured" the account, the PMO's tweet says.

PMO's official Twitter handle announcing the account compromise

The tweet claimed that India had "officially adopted bitcoin as legal tender" and would distribute 500 BTC - approximately $23.7 million - to "all residents of the country." The cryptocurrency scam was first reported by CNN-News18's Aditya Raj Kaul.

The tweet from Modi's account has since been deleted.

Twitter and the PMO did not respond to Information Security Media Group's request for comments.

The second hijack of Modi's Twitter account comes on the heels of India gearing up to introduce a bill in Parliament to ban private cryptocurrencies in the country.

The first time around, in September 2020, Indian Express reported that hacker group John Wick had posted a tweet from the PM's Twitter handle. It said: “I appeal to you all to donate generously to PM National Relief Fund for Covid-19, Now India begin with crypto currency. Kindly Donate Bitcoin.”

The hackers also posted a second statement: “Yes this account is hacked by John Wick, we have not hacked Paytm Mall.” The clarification was made amid reports attributing the massive data breach involving the Indian e-commerce platform to John Wick.

Celebrity Cryptocurrency Scams on Twitter

Twitter accounts of high-profile individuals - including Microsoft founder Bill Gates, Tesla founder Elon Musk, U.S. President Joe Biden and former U.S. President Barack Obama - were hijacked in unrelated cryptocurrency-based scams in 2020.

Twitter's investigations at the time revealed that the attackers had targeted Twitter employees through a social engineering scheme to obtain access to the high-profile accounts.

In August 2019, The New York Times revealed that hacker group Chuckling Squad had hijacked former Twitter CEO Jack Dorsey's account. The group had reportedly announced that the company's San Francisco headquarters would be bombed and then posted a string of racist tweets.

The attack was later attributed to a "security oversight" by Dorsey's mobile service provider that made it possible for an unauthorized person to send messages and tweets from his mobile number, according to Twitter Comms.

Twitter's Security Measures

After the 2020 incidents of account compromise, Twitter said it had used internal detection and monitoring tools to alert the platform of unusual behavior or possible unauthorized attempts to access its internal tools.

Twitter also said it had improved its focus on high-profile accounts to safeguard them during the U.S. elections. The identified accounts were reportedly informed of account security measures via in-app notifications from Twitter.

As part of Twitter's enhanced security measures, it said it had deployed more sophisticated detection and alert mechanisms, increased login defense to prevent malicious account takeovers and provided account recovery support.

In addition to practicing better cyber hygiene, including the use of stronger passwords, Twitter said it encouraged users to use two-factor authentication to protect accounts from unauthorized logins. The company also recommended revoking connections to unrecognized or unfamiliar third-party applications.

John Bambenek, threat intelligence adviser at cybersecurity firm Netenrich, says two-factor authentication is extremely important. He tells Information Security Media Group that several account takeovers were possible because the accounts did not have strong 2FA in place. "One of the biggest things a security team should insist on is two-factor authentication, or 2FA, for any access to social media accounts or social media management platforms," he says.

According to Bambenek, it's not just high-profile individuals who need to exercise caution, but their social media teams as well.

"Due to the public nature of social media accounts, social media managers in companies are also highly targeted individuals for those wishing to engage in hacktivism. Those users need to have strong protection and detailed security training to deal with the increased risk they are under from being targeted by cybercriminals," he says.

Is Twitter Liable?

The disclosure of the PM's Twitter account compromise saw users debating where the onus of protecting the Prime Minister's social media account lay - with the Prime Minister's Office or with Twitter.

About the Author

Soumik Ghosh

Former Assistant Editor, Asia

Prior to his stint at ISMG, Ghosh worked with IDG and wrote for CIO, CSO Online and Computerworld, in addition to anchoring CSO Alert, a security news bulletin. He was also a language and process trainer at [24] Ghosh has a degree in broadcast journalism from the Indian Institute of Journalism & New Media.
