'Hackers takeover Twitter accounts to spread fake news'

Social media hackers are hijacking Twitter accounts and spreading misinformation in a new kind of attack according to digital rights group Access Now. The accounts of human rights activists and journalists in Venezuela and Bahrain have been the targets.

The hack, called "DoubleSwitch" involves taking over the account and then switching the username. The hacker then creates a new account under the original username and oftentimes uses the same profile picture and display name.

Because of this "DoubleSwitch," the original user is unable to recover the original account. They do not know the old account's new account name and their original account name is now registered to the hacker. 

Why the takeover? Hackers are using these accounts to spread fake news. Of course, the followers of the original account are not transferred over. But still, the original name is lost and can warrant confusion from former followers. 

Twitter was able to recover two of the accounts cited by Access Now. The company did not immediately respond to a request for comment. 

One key solution to make sure this doesn't happen is to activate two-factor authentication, where you have to use another device to approve your sign-in. 

Facebook, which is not seeing the same problems according to Access Now cited two-factor as a solution.

"We recognise the risk of malicious actors seeking to mislead people. For our part, we are taking a multifaceted approach to help mitigate these risks, such as building a combination of automated and manual systems to block accounts used for fraudulent purposes, and we continue to encourage people to use two-factor authentication," a Facebook spokesperson wrote in an emailed statement. 

"As Access states, two-factor (multi-factor) authentication is an important security feature that Facebook offers to people that makes it much harder for an account to be compromised in the first place," the statement continued. 

However, two-factor isn't a perfect solution. Some users do not like to share and associate personally-identifiable information with their accounts. 

*Kerry Flynn writes for Mashable.com.

Category: