A number of Twitter accounts, including major brands and institutions, are getting hijacked right now. Everyone from Duke University to major fast food outlets to Nike Spain is getting hacked with a swastika and a reference to April 16th, a date when a referendum will be held in Turkey to give President Erdogan more power.
The tweets are in Turkish and include the words “Nazi Germany” and “Nazi Holland,” presumably in reference to the elections in the Netherlands and the recent diplomatic conflicts between Turkey and the Netherlands. The hackers are posting a link to a YouTube video and the Twitter account sebomubu.
As Rob Lopez has pointed out on Twitter, the attack appears to be coming through a vulnerability in the third-party app called Twitter Counter. So if you’ve ever used that service, you should go to “Settings and Privacy” and click on the “Apps” section. There you’ll be able to revoke Twitter Counter’s access to your account. And you may as well disable third-party access to everything else until we confirm every service that’s currently vulnerable.
Some accounts that were hacked earlier, like Forbes, appear to have regained access. But they still appear to be in the process of getting fully restored. Forbes, for instance, currently has an egg avatar.
The hack is incredibly widespread, affecting verified accounts like Amnesty International, some celebrities, and soccer stars.
It was an incredibly bad week for Dutch-Turkish relations. Turkish voters go to the polls next month on April 16th to decide whether President Erdogan should be given more powers. In the lead-up to this vote, Turkish diplomats in the Netherlands had been speaking at Dutch rallies to Turkish expats in support of the referendum. But Dutch officials prevented the Turkish ministers from speaking, causing a dust-up between the two countries.
“The Turkish community and our citizens were subject to bad treatment, with inhumane and humiliating methods used in disproportionate intervention against people exercising their right to peaceful assembly,” a statement from Turkey said of the situation in the Netherlands.
Even where some of the tweets have been deleted, the banner image of the Turkish flag sometimes remains, like on the account for Starbucks Argentina.
It’s not yet clear whether the Turkish hackers are connected to any state entities or whether this is the work of independent Erdogan supporters. Gizmodo has reached out to Twitter and will update this post when we hear back.
Update, 5:36am: Twitter just sent us this statement:
We are aware of an issue affecting a number of account holders this morning. Our teams are working at pace and taking direct action on this issue. We quickly located the source which was limited to a third party app. We removed its permissions immediately. No additional accounts are impacted. Advice on keeping your account secure can be found here.
Update, 5:44am: The third-party app The Counter has tweeted that they acknowledge they’ve been hacked: “We’re aware that our service was hacked and have started an investigation into the matter. We’ve already taken measures to contain such abuse.”