Dozens of high-profile Twitter accounts from the European Parliament, BBC North America, Duke University, and other institutions were briefly hacked to send out tweets with swastikas and hashtags like #Nazialmanya and #Nazihollanda — Turkish for Nazi Germany and Nazi Holland — according to USA Today. Some tweets make reference to a "little Ottoman slap” and "See you on April 16," indicating the date of a Turkish referendum vote on extending more power to Turkish President Recep Tayyip Erdogan.
UNICEF USA was one Twitter user that confirmed to USA Today it was hacked. UNICEF said it was "deeply concerned that our social media platforms would be used to promote hate speech... The offensive tweet has been removed. We are investigating the matter and working to ensure it does not happen again."
But the hack wasn't to Twitter itself — instead it targeted a third-party analytics app used by many large Twitter accounts called Twitter Counter.
Hi everyone - we temporarily lost control of this account, but normal service has resumed. Thanks.— BBC North America (@BBCNorthAmerica) March 15, 2017
"We are aware of an issue affecting a number of account holders this morning," Twitter said in a statement shared with CNet and others. "Our teams are working at pace and taking direct action on this issue. We quickly located the source which was limited to a third party app. We removed its permissions immediately." This reaction from Twitter might prove that the company really does care about curtailing hate speech and Nazi references — if you're a non-personal account for a major entity with hundreds of thousands of followers.
We identified an issue affecting a small number of users. Source was a 3rd party app and it has been resolved. No action needed by users.— Twitter Support (@Support) March 15, 2017
Wired's interpretation of all this: "[The] Twitter Counter incident reminds that your online accounts are only as secure as their weakest app. All the hacked accounts did wrong in this case was put their trust in a third-party service—one that has had security issues before."
We're aware that our service was hacked and have started an investigation into the matter.We've already taken measures to contain such abuse— TheCounter (@thecounter) March 15, 2017
One thing is important to note - we do not store users’ Twitter account credentials (passwords) nor credit card information.— TheCounter (@thecounter) March 15, 2017
Assuming this abuse is indeed done using our system, we’ve blocked all ability to post tweets and changed our Twitter app key.— TheCounter (@thecounter) March 15, 2017
The Twitter Counter application is blocked on Twitter. If this activity continues, then we strongly believe it's not just through us.— TheCounter (@thecounter) March 15, 2017
As Reuters explains, the hack apparently seeks to further sour Dutch-Turkish relations. Turkish diplomats in the Netherlands had been speaking at Dutch rallies for Turkish ex-patriots recently in support of the referendum, before Dutch officials prevented them from doing so. After Dutch police disrupted protesters waving Turkish flags, Turkish ministry sources stated that "the Turkish community and our citizens were subject to bad treatment, with inhumane and humiliating methods used in disproportionate intervention against people exercising their right to peaceful assembly."