Twitter Counter Hack Leads To Hundreds Of Accounts Tweeting Swastikas, Nazi References

A number of Twitter accounts, including those belonging to verified users, were hacked thanks to a vulnerability in a third-party Twitter app and have been sending tweets with swastikas and the date of a referendum to be held in Turkey to give President Erdogan more power.

The hack stems from a third-party twitter app called Twitter Counter, a statistics and analytics service based in Amsterdam.

Users of Twitter Counter grant the app access to their account, giving it permission to do a number of actions, including send tweets and edit details of a profile.

Read: Why Turkey And Germany Are Fighting Over Nazis: Berlin Bans Pro-Ankara Rallies, Angering President Erdogan

While it is unclear exactly how many users have been affected by the issue, the problem has been widespread and high-profile enough for users to take notice. Accounts including those belonging to Forbes, Amnesty International, Duke University, Starbucks Argentina and Nike Spain were all compromised in the attack.

Those accounts, along with others that were affected, were used to tweet out a message in Turkish that made reference to a constitutional referendum set to be held in Turkey next month. The vote would grant Turkish President, Recep Tayyip Erdoğan, more power by replacing the existing parliamentary system of government with an executive presidency and abolishing the office of the Prime Minister.

There are references made to "Nazi Germany" and "Nazi Holland" in the tweets, which may related to a recent diplomatic conflicts between the Netherlands and Turkey —including a decision by Dutch officials to prevent Turkey’s foreign minister from addressing a group of Turkish voters.

The hackers have also used accounts to share a link to a YouTube video and links to a now-suspended Twitter account that went by the handle sebomubu. Some accounts have had their icon and banner image changed to an image of the Turkish flag.

Read: Is Turkey Safe? Dutch Warn Citizens Over Turkey Travel Amid Erdogan Nazi Comments

In a series of tweets, Twitter Counter acknowledged the hack and said it was looking into the cause of the problem. “We're aware that our service was hacked and have started an investigation into the matter. We've already taken measures to contain such abuse,” Twitter Counter said.

Twitter Counter noted its service does not store any Twitter account credentials, including passwords, or any additional personal data such as credit card information. Twitter Counter opted initially to block the service’s ability to post tweets, then decided to temporarily disable the app all together.

“If this activity continues, then we strongly believe it's not just through us,” the company said.

“We are aware of an issue affecting a number of account holders this morning. Our teams are working at pace and taking direct action on this issue,” Twitter said in a statement. “We quickly located the source which was limited to a third party app. We removed its permissions immediately. No additional accounts are impacted. Advice on keeping your account secure can be found here.”

What To Do If You Used Twitter Counter

Technically, since Twitter and Twitter Counter have both taken actions to attempt to contain the attack, there isn’t much that Twitter users should need to do. However, that doesn’t mean users of Twitter Counter won’t want to rethink placing their trust in it, or in any third-party app that demands certain permissions.

Go to the “Settings and Privacy” menu by opening Twitter in your browser and clicking your user icon in the upper right-hand corner of the screen. Select the “Settings and Privacy” in the dropdown menu.

Click the Apps section and you’ll see every app you’ve granted access to your Twitter account. Find Twitter Counter and click the “Revoke access” button to disable it.