Magashule's 'fake tweet': Here's how easy it is to hack into a Twitter account

Business Insider SA
Ace Magashule
Ace Magashule. Photo: Felix Dlangamandla (Netwerk24)
  • ANC spokespeople claim the party's secretary general Ace Magashule say his Twitter account was hacked.
  • It is actually pretty easy to hack someone's Twitter account, according to a local cyber crime expert.
  • We outline some measures to protect your account.
  • For more stories, got to Business Insider SA.

This week, amid a battle of words over the independence of the Reserve Bank, a tweet was sent from ANC Secretary General Ace Magashule’s account that confirmed that the ANC will expand the SARB’s mandate, with president Cyril Ramaphosa and head of presidency, Zizi Kodwa, “copied in”.

The tweet directly contradicted a statement freshly issued by Ramaphosa. 

It was later deleted, with Magashule describing it as “a fake tweet” that was “alleged to be from my account”.

His claim was met with some derision. News24 reported that a screengrab showed the tweet had been sent from his account.

Still, Kodwa told the SABC that he believed Magashule's account had been hacked. Party spokesperson Pule Mabe also believed it was "hacking activity by those who thrive on the ANC being divided”, according to a Daily Maverick report.

Twitter hacking claims are not uncommon – and many prominent people and companies (including Google) have actually had their accounts hacked.

Last year, Rudy Giuliani, US President Donald Trump's attorney, claimed his Twitter account had been hacked after he unintentionally tweeted a link to an anti-Trump website.

And earlier this year, Malaysia’s minister of education claimed fake tweets were sent from his account. 

South African celebrities have had their accounts hacked in recent months – including the rapper Cassper Nyovest, who had to pay to get his account back.

How easy it is to have your Twitter account hacked?

Pretty easy – especially if you use a weak username/password combination and don’t have two-factor authentication enabled, says Andrew Chester, managing director of security specialist firm Ukuvuma Security.

“However Twitter does monitor for those kind of breaches and they have robust systems built to prevent it as far as they can.”

Two-factor authentication requires that to reset a password, you need to first verify your identity via email and then with a unique code sent to your phone.

Alternatively, your Twitter account may be compromised if your personal devices or networks (such as your home network) have been breached, which could give an attacker direct access to those services without having to “hack” your Twitter account, says Chester.

How hackers can access your Twitter account:

  • They can send you an email with malicious software which copies and transmits your login and password when you type it in. There are also similar attacks for smartphones.
  • Some people also lose control of their Twitter accounts via phishing attacks, in which they are sent fake websites and asked to enter their details.
  • Attackers can also install a "hardware keylogger" in your computer, which will capture whatever you type.

Other, less common attacks involve compromising a linked social account first, such as LinkedIn or Facebook, or using password-cracking software that continuously generates passwords in an effort to guess the correct one, although such attempts are typically detected and blocked.

Here’s how to avoid your Twitter account from being hacked:

Use a strong password that you don’t use on other sites

It needs to be at least 10 characters long, with a mix of uppercase, lowercase, numbers, and symbols. Don’t use any personal information like a phone number, or your birthday. Also don’t use words that are used often like “password”, “iloveyou” or sequences such as ”abcd1234” or “qwerty”.

Remember that the email account associated with your Twitter account also needs to have a strong and unique password.

Twitter recommends that you use password-management software to store all of your login information securely. 

Activate Twitter’s extra security features

Go to the “Settings and privacy” of your account.

Click on "Security", which will give you access to two additional safeguards:

Login verification

Instead of relying on a password only, this will require that you type in a security key sent to your phone before you can log into your account from a new device.

Password reset protection

If you check this box, you will be prompted to enter either your email address or phone number, or your email address then phone number if both are associated with your account to send a reset password link or confirmation code if you ever forget it. 

Make sure you’re on before you enter your login

Some people who have had their Twitter accounts hacked were the victims of phishing.

Whenever you are prompted to enter your Twitter password, take a look at the URL in the address bar of your browser to make sure you're on only. 

Never give your username and password out to third parties

Especially not those promising to get you followers, make you money, or verify you, Twitter warns.

You can revoke access for applications that you don't recognise or that are tweeting on your behalf by going to the Applications tab in your account settings.

Keep your computer and browser up-to-date and virus-free

Your Twitter account is only as secure as the hardware and software you use to access it. 

Receive a single WhatsApp every morning with all our latest news: click here.

Also from Business Insider South Africa: