Former intelligence specialist Reality Leigh Winner has had her Twitter account hacked and used to send phishing messages to journalists.
30-year-old Winner is best known for leaking an intelligence report about Russian interference in the 2016 United States elections. She was sentenced to five years and three months in federal prison for her actions.
Last week, unknown cyber actors took over Winner’s Twitter account, remodeled it to mimic Twitter support, and started sending out DMs to journalists.
Jacob Silverman, staff writer for The New Republic, was among those who received such a DM from the spoofed Twitter account. Silverman, however, was quick to notice something was amiss.
The link in the DM reportedly sought to trick recipients into divulging their login credentials.
Winner herself quickly became aware of the situation and contacted Twitter to restore access to her account. She shared a screenshot showing the access logs to her account during the hack, revealing that whoever was behind the scam was apparently operating in Turkey.
The malicious URL used in the phishing campaign is no longer accessible at this time.
Winner likely had her Twitter password compromised before the takeover. It appears she didn’t have multi-factor authentication switched on.
“It started with these log ins from Turkey and I couldn’t secure my account quickly enough,” Winner tells BleepingComputer.
“I only had a verified account for like 6 days and thought I was gonna lose it. Also I’m really embarrassed that it sent the DM out to journalists, like I felt like I’d lost all credibility,” she added.