How Rahul, Congress Twitter accounts may have been hacked 

Even social networking websites with two-step verification procedures are not secure any more.

Published: 01st December 2016 03:26 PM  |   Last Updated: 01st December 2016 03:30 PM   |  A+A-

Congress Vice President Rahul Gandhi addressing the media at Parliament during the winter session in New Delhi on Monday. | PTI

Congress Vice President Rahul Gandhi (File | PTI)


NEW DELHI: As the news of Congress Party and its Vice President Rahul Gandhi's Twitter accounts being hacked spread like wildfire on Thursday, cyber experts were not surprised as the phenomenon is quite common across the globe where hackers are always a step ahead when it comes to data breach -- be it a social media platform or your financial information.

When it comes to celebrities, Facebook CEO Mark Zuckerberg, Twitter CEO Jack Dorsey, Google CEO Sundar Pichai, Twitter co-founder and former CEO Evan Williams, US actor-singer Jack Black -- even the deceased Beatle George Harrison -- have seen their social media accounts being hacked in recent times.

Even social networking websites with two-step verification procedures are not secure any more as hackers have evolved various strategies to steal personal information from computers, laptops or smartphones.

"There may be a possibility that Rahul Gandhi's Twitter account was logged into from an unsecured computer or a device that did not have next-generation firewall, an updated anti-virus software or from a compromised IP address. This situation is a boon for hackers who are constantly searching for security flaws and hack into the social media accounts of celebrities and political leaders," Anoop Mishra, one of the nation's leading social media experts, told IANS.

According to Saket Modi, Co-founder and CEO of IT risk assessment and digital security services provider Lucideus, the social media hack of both Congress Party and its Vice President's Twitter accounts can be a result of any one of two possibilities.

"It can either be a potential backdoor (malware) being present on a computer system on which both the accounts might have been simultaneously accessed, or this can be a long, persistent and targeted attack (spear phishing in most cases) on the political party. In either case, I am certain there is more data in the hands of the hackers than just account access that might be released in due course of time," Modi told IANS.

"The only two parties responsible for the security of a social media account are the social media provider (in this case Twitter) and the owner of the account. As these are just two accounts that have been compromised and misused, it is safe to assume that the exploited vulnerability was not present on the side of Twitter," Modi added.

There are several infamous groups busy working day and night to hack into social media accounts -- be it Legion, that claimed to have hacked into Rahul Gandhi's Twitter account, or OurMine, that compromised the Twitter accounts of Zuckerberg, Dorsey, Pichai and others.

The most popular website among hackers is which compiles the databases for publicly available hacks of usernames, passwords and email addresses from every major website security breach over the last few years, say media reports. 

For a country like India that is transitioning to a digital era, experts feel there is a need for stronger cyber laws to minimise such cyber-bullying risks.

"India still does not have a dedicated legislation on cyber security or bullying when it comes to social media platforms. The country, given its vision of becoming an IT super-power, needs to have a dedicated cyber security law on this at the earliest," Pavan Duggal, one of the nation's top cyber law experts and a senior Supreme Court advocate, told IANS.

The Information Technology Act, 2000, was amended in 2008. By virtue of the 2008 amendments, certain cosmetic changes concerning cyber security were made to the Information Technology Act, 2000. 

"These amendments are not sufficient and adequate in today's scenario. Further, the cyber security breach ecosystem ground realities are distinctly different in 2016 as compared to 2008. As such, there is a distinct need for India to beef up its legal frameworks on cyber security and cyber bullying," Duggal added.

People need to adopt various cyber hygiene methodologies in order to avoid online data stealing.

"Having in place an updated anti-virus software on your computer system is a critical component. There are several encrypted data services available which can be used abroad. Company executives should only access HTTPs sites -- being secure sites," Duggal suggested.

"If you're accessing something sensitive on public Wi-Fi, try to do it on an SSL (Secure Socket Layer) encrypted websites. The HTTPs browser extension can reduce the risk by redirecting you to an encrypted page when available," Mishra explained.

Turn off file/computer/network sharing and avoid using specific websites where there's a chance that cyber criminals could capture your identity, passwords or personal information.

"Make all new PIN and account passwords different and difficult to guess. Include upper and lower case letters, numbers and symbols to make passwords harder to crack online," suggested Sunil Sharma, Vice President-Sales and Operations (India & SAARC), Sophos, a global leader in network and endpoint security.

India Matters


Disclaimer : We respect your thoughts and views! But we need to be judicious while moderating your comments. All the comments will be moderated by the editorial. Abstain from posting comments that are obscene, defamatory or inflammatory, and do not indulge in personal attacks. Try to avoid outside hyperlinks inside the comment. Help us delete comments that do not follow these guidelines.

The views expressed in comments published on are those of the comment writers alone. They do not represent the views or opinions of or its staff, nor do they represent the views or opinions of The New Indian Express Group, or any entity of, or affiliated with, The New Indian Express Group. reserves the right to take any or all comments down at any time.

flipboard facebook twitter whatsapp