Cybersecurity firm hacks top Twitter profiles

A number of high-profile Twitter accounts, including those of Louis Theroux and Eamonn Holmes, have been temporarily hacked by Insinia Security to expose security flaws in the social media platform’s service.

The cybersecurity firm claims it had previously warned Twitter of the underlying problems numerous times.

Insinia reported in a blog post that it was capable of carrying out the hack by analysing the way in which Twitter posts messages via phone. According to the company, hackers with the knowledge of users’ phone numbers could allow them to send messages from accounts they do not personally control.

The company has recommended that users remove their mobile numbers from being associated with their Twitter accounts to prevent cybercriminals from taking unnecessary advantage.

Other accounts that were briefly breached were those of TV host Saira Khan and travel journalist Simon Calder, who called the experience “tedious” and “annoying” as a result of not giving permission to Insinia for carrying out the hack.

Professor Alan Woodward, a computer scientist at the University of Surrey, echoed Calder’s sentiments, saying that: “Interfering with many people's accounts in this way is irresponsible.

“As frustrating as it might be for the researchers in question when Twitter maintain this functionality that can be abused, unauthorised interference with accounts is unacceptable.”

Chief executive of Insinia Security, Mike Godfrey, however has challenged this view, stating that the cybersecurity company had not broken the law through what he described was “passive interaction” with the Twitter accounts in question.

He said: “Nothing has been maliciously hacked.

“We have not had access to any Twitter account and have not seen any of their direct messages.

“There's nothing unethical or irresponsible about what we did.”

In the same blog post, Insinia said its demonstration of the attack was not to compromise data or exploit the user in any way, but to expose Twitter’s vulnerability to the public so the platform could take measures to correct the flaw in order to prevent hackers from spreading fake news or send unwarranted messages.