Electoral Commission Twitter account hacked, voters asked not to click
Australian voters have been asked to ignore direct messages purportedly sent from the Australian Electoral Commission, after the commission's Twitter account was hacked on Tuesday.
Twitter users started telling the AEC its Twitter account had been hacked shortly after 7 am, when they received links in direct messages from @AusElectoralCom. Some of the messages read "I found a funny pic of you!" with the link leading to a fake Twitter page designed to capture users' login details by way of "verification".
It is a classic phishing scam - Twishing - perpetrated by malicious hackers, and one the social network has moved to curtail by limiting the number of DMs that can be sent at once to 250. The scam's goal is to capture more Twitter login details, which are in turn used to send more DMs. Links in similar scams have been found to lead to malware downloads, including banking trojans.
Evan Ekin-Smith, spokesman for AEC, said the commission received advice from Twitter early Tuesday that its account had been compromised, together with a list of measures to fix the problem.
Mr Ekin-Smith said he was not aware of how its password had been obtained, but was certain no one from the organisation had been phished in a similar scam or divulged the password.
He said the AEC would now change its password daily, using increasingly complex combinations, to ensure it wouldn't happen again. It has also elected to use Twitter's two-factor authentication, introduced in May, which requires a verification code sent to a linked mobile number to log in.
"It's the power of social media used in a negative way. I have been speaking to our IT people this morning, they are putting in further steps - so anyone who tries to access our Twitter account will have to go through many more complicated steps in the future."
At 9:10 am the AEC posted: "The Twitter issue has been resolved swiftly this morning. It was in no way related to any AEC IT systems."
Mr Ekin-Smith said AEC was quick to address the issue and to determine no IT systems had been compromised. He said no third-party applications were linked to the account.
AEC is the latest in a string of hacked high-profile accounts - Jeep, The Guardian, and Associated Press were among those hacked recently, some as a result of hacktivism.
Twitter's help centre has advice for people whose account has been hacked.