Twitter has been under an attack for some time that aims to take over the accounts of activists and journalists, and then spread fake news. Casualties have been reported in Venezuela, Bahrain and Myanmar.
The attack was spotted by Access Now, a group that claims to defend “digital rights.” They noted that in recent times several journalists and activists reported to the group over the theft of their Twitter account.
This so-called DoubleSwitch attack works because attackers first try to obtain the credentials of a Twitter account through phishing methods. They then change the password and the corresponding e-mail address, and the account name is changed. The attackers then create a new account under the original account name, which they also provide with the same profile picture and profile information as the original account.
After the original account has been replaced, according to Access Now, it is used to spread misleading information and fake news. Although the new account that took over the original account name does not have the same followers, it still causes confusion.
According to Access Now, there are reports of activists and journalists in Venezuela, Bahrain and Myanmar having accounts stolen. The DoubleSwitch attackers would also be active in other countries, although they were not mentioned by name.