Earlier today a massive cyberattack affected thousands of Twitter accounts, making them spam a pro-Erdogan tweet/video and in some cases changing their profile and header pictures.
It appears the hack was caused by TwitterCounter (aka @thecounter on Twitter), a third-party application used by many Twitter accounts, which probably had its credentials stolen. Several users reported seeing hacked tweets being posted via the app:
Looks like the mass hack that's hit a bunch of twitter accounts stems from https://t.co/UqLm4wUkbO pic.twitter.com/HCaB1wgjxh -- Alex Hern (@alexhern) March 15, 2017
Twitter users can give certain apps permission to act on their behalf by granting the application a 'key'. If this key falls into the wrong hands, whoever holds it can do anything the key allows (in some cases this means posting tweets, in other cases it could mean near full control over the account).
Here's how to protect yourself: go to https://twitter.com/settings/applications to see a list of all the applications that have a 'key' to your account. If you see 'The Counter' in the list, it is probably a good idea to hit the "Revoke access" button next to it. Now might also be a good time to revoke the access of all other applications you don't use anymore or don't recognize. If it breaks anything, you can always reauthorize these apps later.
Meanwhile TwitterCounter hasn't officially responded to the hack. Their latest tweet as of this time reads:
Need a good laugh? 🤣 These #Twitter accounts are sure to bring a smile to your face! https://t.co/UDxAtxDdMm pic.twitter.com/8v9IoACH73 -- TheCounter (@thecounter) March 14, 2017
I'm sure they could use a laugh right now. If Twitter revokes their access key, their entire userbase needs to resubscribe to the service using a new key (if they still trust them with their Twitter accounts after this). Ouch!