Cyber Incident Victim: TheCounter

On or around November 20, 2016, the third-party Twitter analytics service Twitter Counter suffered a security breach that enabled attackers to post unauthorized promotional content through linked user accounts. The compromise affected numerous high-profile accounts, including those of celebrities Charlie Sheen and Lionel Messi, media organizations such as Sky News, The New Yorker, The Next Web, and The Economist, as well as corporate accounts including PlayStation, Xbox, and the US National Transportation Safety Board (NTSB). Attackers exploited the breach to disseminate tweets promoting a service claiming to increase Twitter followers. Twitter Counter publicly acknowledged the incident on Saturday, November 19, confirming the hack had allowed posts on users' behalf and initiating an investigation. The scale of the incident demonstrated the attackers' focus on compromising accounts with substantial follower counts to maximize visibility of their promotional campaign.

Twitter Counter implemented containment measures that prevented further unauthorized posts by the attackers, though the specific intrusion method remained undisclosed. The company issued reassurances regarding user data protection, emphasizing they did not store Twitter account passwords or credit card information. The incident highlighted security risks associated with third-party services linked to social media accounts, as these integrations created additional attack vectors. While no direct evidence suggested stolen credentials, the breach prompted broader discussions about authentication practices, with implicit concerns about account security extending beyond the immediate compromise. The event coincided with Twitter's September 2016 participation in the Vendor Security Alliance (VSA), a coalition including Uber, Dropbox, and Airbnb aimed at improving third-party security assessments, reflecting industry recognition of supply chain vulnerabilities exposed by incidents like the Twitter Counter breach.