The hijacked accounts hadn’t tweeted for several years, but suddenly began tweeting in a noticeably different tone, in some cases praising Allah or retweeting propaganda, according to TechCrunch.
Security researcher WauchulaGhost discovered hackers were taking advantage of the fact that many of the dormant accounts used email addresses that have since expired or were never created in the first place.
For many years, Twitter didn’t require users to verify the email address used to create their account, which meant users could sign up with a fake address.
That has since changed, as Twitter now requires users to confirm their account using an email address or phone number.
But the hackers took advantage of this flaw in older, unverified accounts and were also able to guess a user's email address.
Twitter hides part of the email address used to register on the site, but in many cases the full address was easy to infer because the user had signed up with an address identical to their handle.
After that, the hackers were able to register a new mailbox at that expired address and use it to reset the password on the Twitter account.
This gave hackers full access to the account, enabling them to post photos, videos and other content that were in support of terrorist groups like ISIS.
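The three conditions the article describes (email never verified, address inferable from the handle, account dormant for years) can be triaged on the provider side to decide which accounts to force through re-verification before a password reset is honoured. The following is an added illustration, not Twitter's code or anything from the article; the account records, the two-year dormancy threshold and the field names are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List

# Hypothetical account record; field names are assumptions, not a real schema.
@dataclass
class Account:
    handle: str
    email: str
    email_verified: bool
    last_post: datetime

# Assumed dormancy threshold; the article only says "several years".
DORMANT_AFTER = timedelta(days=2 * 365)

def email_matches_handle(account: Account) -> bool:
    """True when the local part of the registered address equals the handle,
    the pattern that made the partially masked hint trivially inferable."""
    local_part = account.email.split("@", 1)[0]
    return local_part.lower() == account.handle.lower()

def takeover_exposure(account: Account, now: datetime) -> List[str]:
    """Return the conditions from the article that are present for this account.
    All three together enable the reset-via-reregistered-mailbox path."""
    reasons = []
    if not account.email_verified:
        reasons.append("email never verified")
    if email_matches_handle(account):
        reasons.append("email inferable from handle")
    if now - account.last_post > DORMANT_AFTER:
        reasons.append("dormant")
    return reasons

def accounts_to_reverify(accounts: List[Account], now: datetime) -> List[str]:
    """Handles that meet all three conditions and should be forced to
    re-verify a contact method before any password reset is processed."""
    return sorted(a.handle for a in accounts if len(takeover_exposure(a, now)) == 3)

# Constructed sample data (fictional accounts at reserved example domains).
SAMPLE = [
    Account("old_dormant", "old_dormant@example.net", False, datetime(2013, 3, 1)),
    Account("active_user", "active_user@example.net", True, datetime(2018, 5, 30)),
    Account("dormant_safe", "someone.else@example.org", True, datetime(2012, 1, 1)),
]
NOW = datetime(2018, 6, 1)

if __name__ == "__main__":
    for acct in SAMPLE:
        print(acct.handle, takeover_exposure(acct, NOW))
    print("force re-verification:", accounts_to_reverify(SAMPLE, NOW))
```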
‘This issue has been around for a while but no one really knew and took advantage of it,’ WauchulaGhost told TechCrunch.
‘Now, we have Islamic State supporters that have figured it out.’
In some cases, the hackers didn’t even bother to change the user’s original bio, going on to post things like ‘…with your cars, let’s go pack, you bomb, go with a bomb, you go in any way,’ according to TechCrunch.
Many of the accounts, which had racked up tens of thousands of followers, have since been suspended by Twitter.
A Twitter spokesperson told TechCrunch that hackers taking advantage of old email addresses is ‘not a new issue’ and that it continues to try to ‘identify solutions that can help keep Twitter accounts safe and secure.’
In April, Twitter announced it had shut down more than 1 million accounts for promoting terrorism since 2015.
The firm said 93% of the suspended accounts were ‘flagged by internal, proprietary tools’ in the latest reporting period, while 74% were cut off before their first tweet.