Several hundred, and likely thousands of Twitter users had their accounts hijacked early Wednesday morning, as part of an apparent pro-Turkey operation. The hijacked accounts, including several verified and high-profile users, have all posted the same Turkish-language tweets with a Nazi swastika followed by the hashtags #Nazialmanya and #Nazihollanda (#NaziGermany and #NaziHolland).
The text after the hashtags reads: “This gives you a little #OttomanSlap,” and makes reference to April 16th — the day Turkey will hold a referendum on constitutional changes that would consolidate President Recep Tayyip Erdoğan’s power and potentially allow him to remain in office through 2029. The tweets also include a link to a pro-Erdoğan video on YouTube. Some accounts had their background images replaced with a Turkish flag.
The attack comes amid heightened tensions between Turkey and the Netherlands, after the Dutch government barred two Turkish ministers from speaking to expatriates in the Netherlands ahead of the referendum. In response, Erdoğan accused the Dutch government of acting like "Nazi remnants," and Turkey suspended high-level diplomatic relations with the Netherlands on Tuesday. Erdoğan also accused Germany of behaving “like Nazis” after the government banned Turkish rallies ahead of the referendum.
It’s not clear how many Twitter users have been affected by the attack, though accounts operated by Amnesty International, Duke University, Reuters Japan, and BBC North America were among those hijacked. Several users have noted that all hijacked tweets appear to have been linked to Twitter Counter, a Netherlands-based analytics application. Twitter Counter was previously targeted in a November 2016 attack that caused some high-profile accounts to spread spam. At the time, the company said it has over 2 million users.
“We are aware of the situation and have started an investigation into the matter,” Twitter Counter spokesperson Omer Ginor said in an email to The Verge. “Before any definite findings, we've already taken measures to contain such abuse of our users’ accounts, assuming it is indeed done using our system — both blocking all ability to post tweets using our system and changing our Twitter app key.” Ginor added that the company does not store users’ Twitter passwords or credit card information.
In a statement to The Verge, a Twitter spokesperson said: “We are aware of an issue affecting a number of account holders this morning. Our teams are working at pace and taking direct action on this issue. We quickly located the source which was limited to a third party app. We removed its permissions immediately. No additional accounts are impacted.” The spokesperson also pointed to a Twitter page where users can find information on how to secure their accounts.
We're aware that our service was hacked and have started an investigation into the matter.We've already taken measures to contain such abuse— TheCounter (@thecounter) March 15, 2017
Update March 15th, 5:40AM ET: This article has been updated to include statements from Twitter Counter and Twitter.