The hacking technique used by a group calling itself the Islamic State of Iraq and Syria (ISIS) has been found to work in at least one case, Fox 13 News reported.
The group has published instructions on how to take over a Twitter account using the company’s Android app, and now has a way to do so on iOS.
Fox 13 reported that in a separate case, the group also used the technique to take down a Twitter employee’s account.
In the case of the Twitter employee, the hacker managed to get the Twitter user’s username and password to his or her phone.
“They had to give the password to the phone,” he said.
The hacker managed, using a program called “Get My Password,” to gain access to the Twitter account of the employee’s boss, who was not immediately identified.
He then used a phone number associated with the Twitter address to send a message to the employee that said, “I am going to have a look at you,” and then to send the employee a screenshot of the text message he had sent to him.
The tweet in question read, “We are the caliph and we are going to conquer your world.”
The hacker then took control of the phone and made the phone call.
The company’s Twitter app does not allow for the hack to be completed using the user’s credentials.
Fox reported that the Twitter hack was discovered in the last week of June.
The attacker did not have access to a network, nor did he have a password to any account.
Fox13 reported that Twitter said the Twitter attack was a “lone wolf attack,” but it was unclear how the hacker obtained the username and passwords of the account holders.
Twitter also said it was notifying affected users and urged them to change their passwords.