The British Army’s official Twitter and YouTube accounts were compromised over the weekend, with hackers exploiting the accounts to promote non-fungible token (NFT) schemes.
Initially, hackers altered the account’s profile photo, header, and description to sell Bapesclan NFTs, a collection of cartoon apes depicted face-on. The account’s owners eventually marketed another collection named The Possessed.
By Sunday evening, the Army had reclaimed control of the account, tweeting, “Apologies for the temporary interruption to our feed.” We will investigate thoroughly and learn from this situation. Thank you for sticking with us; normal service will now resume.”
Videos advertising cryptocurrency using photos of Tesla CEO Elon Musk were released on YouTube.
The self-proclaimed creator of The Possessed NFT project responded to the hackers on Twitter, stating they had been impersonated.
“@BritishArmy has been hacked and is disseminating false @ThePossessedNFT information. Forget about us; please report their account as compromised because this is not acceptable “@TMW buidls sent out a tweet.
“We can confirm that yesterday there was a breach of the Army’s Twitter and YouTube accounts and an investigation is underway,” an Army spokesperson said.
“We take information security extremely seriously and whilst we have now resolved the issue an investigation is ongoing and it would be inappropriate to comment further.”
Hacks to verified accounts like this one are widespread in the NFT realm and are used to organize fraudulent giveaways or sell bogus NFTs through official-looking sites. This attack suggests a lack of additional security layers on official UK government accounts. This may have been avoided with procedures such as two-factor authentication. The breach might potentially have occurred as a result of the owner visiting a malicious URL.
The British Army now has 362,000 Twitter followers and 177,000 YouTube subscribers.