Odaily News Watcher.Guru posted on the X platform that its account was hacked today. Two weeks ago, the team suspected that someone was trying to hack into the account and sent a message to X employees to remind them.
According to his description, on March 5, a Telegram user sent him a link to an article on X. The link was to the official domain of X, but contained an abnormal path, which was suspected to be a social engineering attack. Although the team did not find any obvious risks at the time, they still sent a message to @cstanley, the head of X's network security, but received no response.
At 10:05 Beijing time on March 21, Watcher.Guru discovered that his account had been posted without authorization and deleted it within a few minutes. He also logged out of all devices and reset his password. However, because his "JUST IN" or "BREAKING" tweets are automatically synchronized to social platforms such as Telegram, Facebook, and Discord, the relevant content has been automatically forwarded.
Watcher.Guru said it could not confirm whether the hack was caused by this specific link, but a similar incident recently occurred to db (@tier10k). In addition, his account has 2FA enabled, there are no connected applications, and no API tokens have been detected to be used to publish content.
Currently, Watcher.Guru is still investigating the specific method of intrusion and has contacted X officials for further clarification.