A Twitter account linked to Prime Minister Narendra Modi’s personal website was purportedly compromised early on Thursday, with a series of tweets sent out by an individual or a group identifying themselves as ‘John Wick’ who later told HT that the hack was meant to clear their name in a separate breach involving a popular e-commerce website.
A Twitter spokesperson confirmed that the page — @narendramodi_in – associated with the PM’s website narendramodi.in was compromised. Shortly after 3am, several posts were made, including some urging people to donate to a cryptocurrency wallet that the hackers said was linked to the “PM National Relief Fund”.
“There is no other intention to hack this account. Recently fake news of our name saying PayTM mall [was] hacked by us. So we have sent email to all news publishers in India [that] it’s not us, no one replied, so we decided to post something,” said a person who responded from the email address that was posted in one of the tweets after the hack. The tweets have since been taken down.
To a query from Hindustan Times, a spokesperson from Twitter in an email said, “We’re aware of this activity and have taken steps to secure the compromised account. We are actively investigating the situation. At this time, we are not aware of additional accounts being impacted.”
An official of the Prime Minister’s Office, requesting anonymity, said the hack had nothing to do with the PM’s Twitter handle, but “only with his website”.
“The website is managed by the BJP, but anyway, except to secure the password of the account, a user can’t do much with his/her own Twitter handle,” he said.
The hackers did not respond to questions on how they carried out the hack and whether it was a compromise of the Twitter account itself, but identifiers seen on screenshots suggested the tweets were made using a tool titled “narendramodi_tweets_apps”.
The hacker suggested that this was done by breaking into the website narendramodi.in, and not the Twitter account. “Yes, 100% not secured,” said this person, when asked if they exploited something called an API, which allows people to access and send out tweets without accessing an account through Twitter.com.
“They have to increase the security and invest in people like us,” the hacker said.
On August 30, cyber security firm Cyble reported that a hacking group identifying itself as John Wick “was able to gain unrestricted access to the entire databases” of PayTM Mall, an online retail venture of the popular payments app PayTM. PayTM later issued a statement saying it was investigating the breach and assured that user data was safe.
A person aware of the preliminary analysis at Twitter, who asked not to be named, said “there was no indication or evidence at this stage of any correlation between this account compromise and the incident that took place in July”. The reference was to the breach of Twitter’s internal systems through which hackers similarly solicited payments in digital currency by making posts from the accounts of US presidential candidate Joe Biden and former US president Barack Obama and billionaire Elon Musk.
The page @narendramodi_in is followed by 2.5 million users and is a platform for disseminating news about the PM’s activities, his statements and addresses.
It was not immediately clear if any money was sent into the cryptocurrency account posted in the hacked tweets.