14 DAY TRIAL // 19-year-old model Kendall Jenner had her Twitter account hacked recently, and the perpetrators started to publish racy and rude tweets about her, her father, and Justin Bieber.
Celebrities sometimes resort to tweeting incredible and often highly unpleasant things on their social media accounts just to get more attention, but in this case, the hack appears to be genuine.
Two unknown accounts promoted through the tweets
A set of three insensitive tweets were posted on Jenner’s account, promoting two other Twitter profiles, which were most likely handled by the hackers, probably in an attempt to increase the number of followers.
However, the messages were quickly removed, a sign that the 10.2 million strong Twitter cohort checking on Jenner’s activity spread the word about the hack.
The two accounts promoted in the tweets have also been suspended by the microblogging service. The model has not released a public statement about the incident.
Possible hacking methods
As far as how the intrusion was possible, the method used was probably the standard combination of spear phishing and lack of two-factor authentication (2FA) as additional security measure on the account.
2FA ensures that access to the profile is not granted unless a second authentication code, aside from the regular password that accompanies the username, is provided. The code is delivered to a device in the possession of the user, and it is set to expire after a certain amount of time.
With 2FA protection turned off, all the hackers had to do was find out the email address of the celebrity and serve her a link to a spoofed Twitter log-in page that is designed to collect all the information entered in the fields and send it to a third party.
An easier method would be to trick her into reaching the spoofed location via enticing messages delivered on other social media accounts.
Achieving this sounds more complicated than it is, especially in the case of famous individuals, who have plenty of personal information all over the web.
Alternatively, with the username already known, the hackers could have just guessed the password for the Twitter account; however, this would require more effort from their part.
