Rahul Gandhi‘s Twitter account was hacked last night. The drama about it went on for over one and half hours as the social media team of the Congress leader tried to regain the control over the account. But in the end it seemed all was well. Only until about 10 in the morning though, when the official Twitter account of Congress party started tweeting nonsense. That account too was hacked.
So what was happening and why the Congress was finding it difficult to get the control back on their accounts. (Rahul’s twitter account is managed by his social media team). Here is what has happened probably.
It looks like the Congress mail server has been hacked. This is something someone from Congress has also told a few publications. FactoryDaily, for example, quotes an unnamed source saying that the party’s mail server has been hacked. This is a breach that is more serious than a regular Twitter account hacking, which many can do either through brute force by guessing password and trying millions of combinations (very difficult) or through getting access to the password via data leaks etc. Many of the Twitter and Facebook accounts are used with third party apps and these apps can leak password. For example, Facebook CEO Mark Zuckerberg saw his Twitter account got hacked because his password and details leaked through a LinkedIn data dump.
But this sort of hacking is also easier to deal with. The attacker doesn’t have the full control over the account. The user can change the account password and other details and then push out the attacker out of his or her account.
But in case someone has access to the email server, the same server that underpins almost all social media accounts, it becomes more serious. The hacker in this case can not only gets access to the social media account but also the mechanism he or she can change the password and can actually lock out the user.
We don’t yet know the full details of what might have happened in the case of Twitter accounts run by Rahul Gandhi and the Congress. But it seems that hackers got into these accounts by hacking into the email servers.
Mistakes were made
It also seems that social media team of Rahul Gandhi made some serious mistakes in how it dealt with the hackers. The team was surely slow to react to the hack. For almost half an hour the attackers had an free run using the twitter account of Rahul Gandhi. Ideally the account should have been temporarily frozen or suspended. It could have easily been done by Rahul’s social media team by getting in Touch with Twitter India team, which they must have been anyways doing anyways given the fact that this is a verified account with over one million users.
But only the account continued to be accessible, the struggle between Rahul’s team and the hacker played out in full public view.
The other mistake that Congress social media team probably made was that it even though it most likely managed to change the password, it did not probably flush out or revoke at app authorisations. This means even after the password was changed the apps within which the accounts was used continued to work. This is probably the reason why we saw tweets getting deleted from Rahul’s account and then more nonsense tweets appearing on the timeline. The social media team of Rahul was deleting the abusive tweets but the hacker just kept writing more.