Millions of password manager users have been put on red alert by the disclosure of an attack methodology dubbed the perfect heist, Windows users have been warned about a BitLocker encryption vulnerability that exposes passwords, and just about everyone on this password list is at risk. Now it is the turn of the 650 million users of Elon Musk’s X social media network, previously known as Twitter, to come under the password-stealing spotlight. Security experts have warned users not to change their passwords as attackers strike. Here’s what you need to know.
SentinelLABS Researchers Warn Users As X Account Hackers Strike
A new report from researchers at SentinelLABS, part of the SentinelOne security group, has warned users of the X social media platform of an ongoing threat campaign targeting account passwords, with the aim of hijacking the more high-profile accounts and using them to spread a crypto scam. “This campaign has been observed targeting a variety of individual and organization accounts such as U.S. political figures, leading international journalists, an X employee, large technology organizations, cryptocurrency organizations, and owners of valuable, short usernames,” Tom Hegel, Jim Walter and Alex Delamotte from SentinelLABS warned. Although the campaign is mainly aimed at these high-profile users, for the obvious reason that a larger following means more people can be scammed, all 650 million monthly active users of X are exposed to similar phishing tactics and should take note accordingly.
The methodology follows a popular theme among such account hackers: impersonating the target product and claiming, oh, the irony, to alert the victim to suspicious activity on their account. “We noticed a login to your account from a new device,” the notification will read, “if you do not recognize this activity, please follow the steps below to secure your account.” Those steps are, yep, you guessed it, to click on a link that opens a prompt to reset your X password. “Secure your X account now,” the warning urges the victim, “You’ll be logged out of all your active X sessions except the one you’re using at this time.”
Actually, you’ll be immediately locked out of your X account once the attacker has got you to perform this so-called security password change. “The attacker swiftly locks out the legitimate owner and begins posting fraudulent cryptocurrency opportunities or links to external sites designed to lure additional targets,” the SentinelLABS researchers said, “often with a crypto theft-related theme.”
Mitigating The X Account Password Theft Risk
The researchers from SentinelLABS strongly recommend the following mitigations to protect yourself from falling victim to this latest social media attack campaign:
1. Use a unique password.
2. Enable two-factor authentication.
3. Avoid credential sharing with third-party services.
4. Be especially cautious of messages containing links to account alerts or security notices.
5. Always verify URLs before clicking.
6. If a password reset is needed, initiate it directly through the official website or app rather than relying on unsolicited links.
I have reached out to X for a statement, but in the meantime, take my advice: don’t change your X password unless step six above applies.
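As an added illustration of the “verify URLs” and “use the official site” advice (this is not code from SentinelLABS or from the article), the following Python check classifies a link lifted from an “account alert” message before anyone clicks it. The allowlist of x.com and twitter.com as X’s official hosts and the sample URLs are assumptions made for the example.

```python
"""Classify a link from an "account alert" message before clicking it.

Assumption (not from the article): x.com and twitter.com are the official
hosts for X. Anything else, including lookalikes, is treated as untrusted.
"""
from urllib.parse import urlsplit

# Assumed allowlist of legitimate X hosts.
OFFICIAL_HOSTS = {"x.com", "twitter.com"}


def classify_link(url: str) -> str:
    """Return 'official', 'suspicious' or 'invalid' for a link.

    'official' requires https, no userinfo (the 'https://x.com@evil.example/'
    trick puts the real host after the '@'), an all-ASCII host with no
    punycode labels, and a host that is an allowlisted domain or a
    subdomain of one. Lookalikes such as x.com.evil.example fail the
    subdomain test because the official name must be the suffix.
    """
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return "invalid"
    if parts.scheme != "https" or not parts.hostname:
        return "suspicious"
    # Anything before '@' is userinfo, not the host: a classic lure.
    if parts.username is not None or parts.password is not None:
        return "suspicious"
    host = parts.hostname.lower().rstrip(".")
    labels = host.split(".")
    # Non-ASCII or punycode labels can hide homograph lookalikes.
    if not host.isascii() or any(label.startswith("xn--") for label in labels):
        return "suspicious"
    for official in OFFICIAL_HOSTS:
        if host == official or host.endswith("." + official):
            return "official"
    return "suspicious"


def triage(urls):
    """Map each URL in a message to its classification."""
    return {u: classify_link(u) for u in urls}


if __name__ == "__main__":
    # Constructed sample links, modelled on the reset lure described above.
    for link, verdict in triage([
        "https://x.com/settings/password",
        "https://x.com@evil.example/reset",
        "https://x.com.evil.example/reset",
    ]).items():
        print(f"{verdict:10} {link}")
```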