Cyber Security

Sri Lankan Airlines Official Twitter Account Hacked – Seems like nobody wants to fix it


The official Twitter account of Sri Lankan Airlines, one of the major airlines in Sri Lanka, has been hacked by a cryptocurrency organization. The airline's verified account is currently being used to tweet cryptocurrency-related content. The account has over 117 800 followers and has published over 9000 tweets. Since it was compromised, the account has been losing followers, and more than 20 crypto-related tweets have been published on the airline's official Twitter handle.

The researcher found this vulnerability on 28 September and warned the relevant authorities about the risk the account is facing. Eventually, the researcher managed to find a direct contact in the airline's IT Department.

“I reached out to them via the official email address of the Airline’s IT Department on Thursday, 29 September. After I informed the relevant section about the risk the account is facing, the IT department replied saying that ‘The matter will be looked at closely’. However, even after being made aware of the incident, no action has been taken to restore the account to normal” – the researcher said.

Crypto scammers are determined to gain access to Twitter accounts with large followings. To be verified on Twitter, an account must be notable and active, and verification is mostly given to government-sector accounts, news organizations and companies. When an account passes the verification process, it is tagged as an “Authentic Account” and given a verification badge (the blue tick). Crypto hackers hijack verified social media handles to publish tweets about crypto coins, crypto membership programmes, non-fungible tokens (NFTs) and more. When people see these tweets coming from verified accounts, they tend to purchase, invest and sign up on crypto platforms. For the organization behind it, the hijacking works as an investment.

Under its “Twitter Terms of Service”, Twitter has the right to remove the verification badge from an account, and to terminate the account, in the following scenarios.

  1. If the account name is changed – (the airline’s username was changed)
  2. If the account is no longer in the position it was initially verified for – (verified under the government sector)
  3. If any misleading content is published on the account – (info related to crypto has been published on the airline’s account)

The airline’s official Twitter handle falls under all of the above scenarios and, in accordance with Twitter’s “Terms of Service”, is on the verge of being banned. However, if the necessary actions are taken quickly, there is a high possibility of securing the account.

Letter to Editor