Hijackers DM @realDonaldTrump from former Fox News hosts’ accounts

The Twitter accounts of two former Fox News hosts were hijacked on Tuesday by somebody or somebodies who filled their feeds with propaganda supporting Turkey’s controversial president, Recep Tayyip Erdoğan.
The accounts, which belong to Eric Bolling and Greta Van Susteren, were restored within a few hours, but not before alert Twitter users grabbed screen captures.

It appears that pro Turkish President hackers have taken over Greta Van Susteren’s Twitter account. pic.twitter.com/aLOSljf0yQ

— Yashar Ali 🐘 (@yashar) January 16, 2018

2. Looks like they’ve hacked into Eric Bolling’s Twitter account as well. pic.twitter.com/0Whua9jUkI

— Yashar Ali 🐘 (@yashar) January 16, 2018

As one Twitter user pointed out, the connection between the two journalists is that they’re two of only 45 accounts followed by US President Donald Trump. This tweet captures direct messages the hackers sent to @realDonaldTrump from Van Susteren’s account:

3. The connection Greta and Eric Bolling have in this case is they’re both followed by @realDonaldTrump – the hackers are now sending direct messages to President Trump from Greta’s account. pic.twitter.com/P5jPS1MPus

— Yashar Ali 🐘 (@yashar) January 17, 2018

This direct message sent from Van Susteren’s account asks Trump to share a propaganda video from his personal account:

.@realDonaldTrump follows both Greta Van Susteren and Eric Bolling – The hackers are now DMing the president!!! pic.twitter.com/GXp8ICtlkL

— Jon Levine (@LevineJonathan) January 17, 2018

The Huffington Post translated one of the propaganda posts that was written in Turkish. It read:

You are hacked by the Turkish cyber army Ayyildiz Tim! We got your DM correspondence! We will show you the power of the Turk!

Another, written in English, from the hijacked Van Susteren account:

We love the Turks and Muslims in the world. We condemn those who persecute them, especially in the United States, and we share their suffering . We love turkish soldiers, we love Erdogan, we love Turkey.

While they still had control of the accounts, the hackers also posted a screenshot of what appeared to be Bolling’s direct messages.
The two had their accounts back by Tuesday night:

Legit Turkish hackers. But we are back in #maga mode again. pic.twitter.com/PfdFv6ctFb

— Eric Bolling (@ericbolling) January 17, 2018

As many of you know, my twitter account was hacked…I think I have now handled the problem. What a waste of 3 hours to handle…but thank you @Twitter for helping me

— Greta Van Susteren (@greta) January 17, 2018

Make sure you’re not next

Mr. Bolling, Ms. Van Susteren, I’m sure it won’t be much consolation, but you’ve just joined the who’s who of hijacked Twitter accounts. We’ve printed it before, but here’s an updated list that includes these big names:

• John Podesta, chairman of Hillary Clinton’s presidential campaign.
• Mark Zuckerberg – Mr. Social Media himself.
• NASA’s Kepler account.
• Twitter CFO Anthony Noto.

As we’ve noted in the past, there are plenty of ways to have your Twitter account hijacked:

• Getting phished.
• Using feeble passwords, such as your pet’s name, or simply handing over your password to strangers.
• Poor password hygiene, such as using the same password on multiple sites – here’s how to pick unique, strong passwords.

Of course, Twitter accounts of high-visibility targets – businesses, celebrities or big brands such as Fox News – are particularly tempting to hijackers. Most particularly when they’re on the small list of 45 people who can direct message the POTUS!
Twitter has attempted to make it safer to have one of those tempting, highly targeted accounts.
In 2015, the company introduced a feature called TweetDeck Teams that lets users share Twitter accounts without having to share passwords. Twitter added the feature to TweetDeck, the account managing software it picked up in 2011.
The tool also makes it possible for anyone sharing an account to use Twitter’s two-factor authentication (2FA), or what it calls “login verification”.
That will send a one-time login code to a user’s phone that they need to enter in addition to a username and password. It’s another layer of protection against would-be account hijackers, since they’d need not only your login credentials but also your phone to take over your feed.
There have been multiple high-profile hijacking victims who’ve admitted that 2FA might have helped them avoid the nightmare of having their accounts taken over, their data wiped and/or vicious content posted on their Twitter accounts: technology reporter Mat Honan said as much after he had all of the data wiped from his iPhone, iPad and MacBook and had his Gmail and Twitter accounts hijacked.
But it’s worth noting that 2FA hasn’t been enough to stop some determined attackers. Naoki Hiroshima, a software developer and the rightful owner of the valuable @N Twitter handle, credits 2FA with probably preventing an attacker from logging into his PayPal account. But 2FA didn’t keep the attacker from socially engineering and extorting his @N handle away.
Nor did it help DeRay Mckesson, whose account was whisked out from under him by somebody using just his name and the last four digits of his taxpayer ID.

Protect yourself

While there are a few exceptions like those above, there are heaven knows how many more hijackings that have been stopped by 2FA, so turn it on whenever and wherever you can.
All accounts should be secured with passwords that are tough as nails, be they for celebs, politicians, Twitter execs, or plain old civilians. Here’s our short, sweet video on how to hammer out a good set of nails for your accounts:

(No video? Watch on YouTube. No audio? Click on the [CC] icon for subtitles.)