British Army's Twitter, YouTube Accounts Get Hacked... to Promote NFTs
21:23 GMT 03.07.2022 (Updated: 15:20 GMT 28.05.2023)
© Photo : Twitter
Subscribe
Social media users who noticed such an unexpected shame asked a reasonable question after realizing the account takeover: Does the British Army's account not have a two-factor authentication enabled?
The sudden hacking of the British Army's Twitter account on Sunday resulted in a deluge of content offering giveaways and contests where followers could win non-fungible tokens (NFTs).
The name of the social media account was altered at least two times, and new profile images were uploaded that included a robot and an ape wearing makeup resembling that of the Batman villain The Joker.
The account's posts encouraged followers to enter competitions, with winners chosen at random to get NFTs, which are blockchain-stored digital artworks.
🚨 BREAKING NEWS | The British Army Twitter account (@BritishArmy) has been hacked and is now posting tweets promoting competitions to win NFTs and claiming the UK is going to attack Pakistan. pic.twitter.com/6cTM8t5dfP
— George Allison (@geoallison) July 3, 2022
British Army Twitter account @BritishArmy appears to have been hacked pic.twitter.com/41HPtSeln1
— OSINTtechnical (@Osinttechnical) July 3, 2022
As some pointed out, after the initial NFT posts, the hackers decided to amuse themselves by posting random messages like declaring war on Pakistan.
A screenshot of the British Army's official Twitter account on July 3, 2022.
© Photo : Twitter / @Osinttechnical
The YouTube account of the British Army was also infiltrated and replaced by an account called Ark Invest, which promoted multiple livestreams ostensibly showing a cryptocurrency discussion with Tesla founder Elon Musk.
Ark Invest is a large international investing company tied to crypto technologies; however, it is unclear if the company had anything to do with the hack.
Additionally, it now seems as if their YouTube channel is gone too. Being replaced with an investment channel. called 'Ark Invest'. pic.twitter.com/AddsaMsNNp
— George Allison (@geoallison) July 3, 2022
According to users, the bacchanalia on the army's official Twitter account lasted about half an hour, after which new posts were deleted and the account's bio was restored. As for the account's avatar, it remained blank for about an hour longer.
At 9 p.m. GMT, the account was restored and the social media manager in charge of the British Army's account apologized to subscribers.
"Apologies for the temporary interruption to our feed," a statement on Twitter reads. "We will conduct a full investigation and learn from this incident. Thanks for following us and normal service will now resume."
However, the YouTube channel has not been restored at the moment and remains empty after all streams appear to have been taken down.
Earlier, the British army confirmed in an official statement via other means of communication that its Twitter and YouTube accounts had been hacked.
"We are aware of a breach of the Army’s Twitter and YouTube accounts and an investigation is underway," the Ministry of Defence's press office said. "The Army takes information security extremely seriously and is resolving the issue. Until their investigation is complete it would be inappropriate to comment further."
Currently, the army has 362,000 followers on Twitter and 177,000 subscribers on YouTube.
Although the group responsible for the cyberattacks is not yet known, the embarrassing security lapse raises major questions for the military and raises the possibility that additional social media accounts could also be in danger.
Many on Twitter took the opportunity to drag the UK service, mocking the branch for ever referring to itself as a "responsible cyberpower" - as it does so on its accounts.
Some advised the branch to change its password and enable two-factor authentication, for example, via phone.
"Password: Bethebest01 should have been changed ages ago to be fair," said one user.
"Shouldn't have used "waterloo" as a password," another stressed, while receiving a reply that said: "probably was boris123 and then they changed it to boris1234."
And yet, at the time of this article's publication, not only has the Army's YouTube account not been restored, but the British Army's website has also remained downed. The fall of the site by British officials has not yet been commented on.
