Jeremy Corbyn, leader of the Labour party in the UK, had his Twitter account hijacked this weekend.
At least, one assumes that is what happened, after a series of foul-mouthed posts (and one about British Prime Minister David Cameron being, of all things, a pie) were made.
It didn’t take long for the unauthorised tweets to be deleted, but not before Jeremy Corbyn’s 384,000 followers started retweeting them.
The good news is that the messages were just silly and/or offensive. Things could have been much worse if the unauthorised tweeter had chosen to link to a website containing malware, for instance.
All the same, clearly the leader of the opposition didn’t have tight enough security measures in place over his Twitter account.
If one assumes that it wasn’t a disgruntled former member of his recently reshuffled shadow cabinet who took advantage of Corbyn leaving himself logged into Twitter, then a potential explanation is that this was an example of poor password security.
Whether it was a poorly chosen easy-to-guess password, the result of a phishing expedition, or the common story of passwords being reused on multiple sites, it is almost certain that Corbyn’s account was not taking advantage of all of the security features that Twitter makes available to its users.
Chief amongst these is Login Verifications, which allows users to verify their identity via the official Twitter iOS and Android app.
If Login Verifications is enabled on your Twitter account, a hacker doesn’t just need to know your password to gain access - they also need to have your smartphone.
Login verification can be enabled through the Settings section of your Twitter account.