After successfully overtaking the primary Associated Press Twitter account — its highest-profile "hack" to date — the Syrian Electronic Army turned its sights on The Guardian over the weekend. The group targeted and temporarily gained access to 11 Guardian-related accounts, all of which were revealed on its website. Many of the accounts (including @GuardianBooks and @GuardianTravel) remain suspended as of today, though others seem to have been successfully recovered.
The Guardian staffer James Ball confirms that, much like in the AP attack, the SEA deployed cleverly-disguised phishing emails to carry out its most recent batch of hacks.
The guys doing the Guardian phishing attack I mentioned yesterday (it's SEA) are really very good: sustained, changing, mails today.— James Ball (@jamesrbuk) April 29, 2013
As these social engineering attempts persist, Twitter is said to be working on two-factor authentication — a security measure that would go a long way towards preventing these exploits. For now, it seems the best precaution potential targets can take is to be extra wary when dealing with email links.