UK Police Twitter account and website were hijacked?

[I4rg£8all8ag]

Late on Friday night, some rather out-of-character tweets seemed to be coming out of New Scotland Yard.

The Twitter account of London’s Metropolitan Police (@metpoliceuk) broadcast to its more than one million followers a series of bizarre and sometimes offensive messages:

What’s more, the tweets pointed to suspect content in the news release section of the official Met Police website. 

Thankfully, Met Police Superintendent Roy Smith took to Twitter to confirm that this wasn’t New Scotland Yard trying to be “down with the kids”, and the account was reasonably swiftly brought back under control. 

My guess is that the nature of the links posted by whoever was behind the attack, and the content that some of them linked to (which appeared to doxx an individual) might well point the authorities in the direction of those who might be responsible.

Someone, however, hadn’t guessed the password to the Met Police’s Twitter account or hacked into its website.

You see, as they later confirmed, the Met Police had been using a service called Mynewsdesk that is supposed to make it simple to create a piece of content (such as a press release), and then automatically update your website and social media outlets, and send an email notification to mailing list subscribers.

It was Mynewsdesk that updated the Met Police’s Twitter account, and posted the bizarre messages on the Met Police’s website. The Met Police’s own systems had not been hacked.

And the Met Police’s news section is only really the Met Police’s website in name. It’s actually hosted on Mynewsdesk infrastructure. 

So someone, somehow, managed to hijack control of the Met Police’s Mynewsdesk account. And that’s why the tweets got posted, and that’s why the emails were sent, and that’s why the Met Police’s website was updated.

Whether the Mynewsdesk account was compromised because of a common reason like password reuse or the phishing of credentials feels most likely but it’s also possible that there was a vulnerability in Mynewsdesk which allowed a hacker to gain access.

[Jordan]

Sorry but this was Already posted here:

 

Topic closed.