
Update: It seems another Indian National Congress (INC) account has been compromised. This time, it’s Rachit Seth.

Something has gone terribly wrong with security at the Indian National Congress’ Twitter accounts, with two accounts (Rahul Gandhi’s, and now the INC’s) compromised since yesterday, and the threat of emails being released soon.

The political party found yesterday that the account of its Vice President, Rahul Gandhi, was being run by someone else, who was publishing tweets that used abusive language that was homophobic and abused Gandhi’s family, among other things. Within minutes, Twitter was full of screenshots, a sample here.

Among the tweets was one that said “We are legion. Do not fuck with us.” That’s a statement typically linked to Anonymous, the activist group of anonymous hackers that views hacking as a means of protest. A documentary on them here. Note that no one has claimed credit for this yet.

Minutes ago, it appears, the account of the Indian National Congress, the party to which Gandhi belongs, got hacked. Tweets, yet again, are reminiscent of language used by Anonymous: a screenshot here.

Email dump?

They have also warned that they have a dump of Congress party emails.

This reminds us of what happened with Hillary Clinton in the recent US elections, where WikiLeaks published her emails: “50,547 pages of documents span from 30 June 2010 to 12 August 2014. 7,570 of the documents were sent by Hillary Clinton”. In July this year, they published emails from the Democratic National Committee, which were damaging for the Clinton campaign, especially in light of DNC staffers’ comments on Bernie Sanders.

It’s not clear how access has been gained to these accounts: Twitter India has been conspicuous by its silence, and it’s amazing how long it took for the tweets to be deleted. There’s no way of knowing this, but accounts often get compromised because of access permissions given to other applications that use Twitter authentication and seek permission to post.

You can revoke application access to your Twitter account here.