or the legitimate owner to regain control of their handle.
Activists and journalists in Venezuela, Bahrain, Myanmar, and elsewhere have been targeted with this method. The goal is to spread misinformation and silence the target, but the attackers are also deleting older posts that they don’t like.
The idea of the Doubleswitch is pretty simple. The hacker takes control of a verified account through the usual methods, such as email phishing. Then, the hacker changes the email and password on the account.
Twitter does have a form for reporting issues that will be reviewed by humans, but it’s a slower process. And this problem isn’t limited to Twitter; it affects all social media that offers verification. The best defense against it is two-factor authentication. But in some countries, like Venezuela, which is where Access Now found the first instance of the technique, activists and journalists avoid associating personal information with the account. Access Now suggests that these services should be more proactive in offering other forms of multi-factor authentication, like an app-based solution.