On Sunday, a Twitter account of the NY Times was hacked.
On Sunday, a Twitter account of the NY Times was hacked.

A Twitter accounting belonging to the New York Times was reported hacked on Sunday morning, possibly twice, according to a report in The Hill.

A message was posted to the Times's video account: “BREAKING: leaked statement from Vladimir Putin says: Russia will attack the United States with Missiles.”

Soon after the message was deleted at around 10 a.m., tweets from the hacker group OurMine appeared claiming to have co-opted the Twitter account, but denying responsible for the Russia tweet.

OurMine is notorious for breaching Twitter accounts and then offering its security audit services. It's unclear whether OurMine's claim in this case is true.

While the New York Times took down the tweets and stated it was investigating, another tweet from OurMine was posted soon after to the New York Times Video account taunting the media outlet to contact the group "to fix the issue."

“Hackers are realizing the power of social media over influential news sources like the New York Times, and are breaching accounts to try and essentially control or sway the news," Michael Raggo, chief research scientist at ZeroFOX, a Baltimore-based social media security firm, told SC Media in an emailed statement on Monday. "Twitter has become intertwined with our society and culture – with individuals turning to the platform to communicate, collaborate and stay informed on a global scale."

If a hacker can overtake a credible profile and blast out provocative or false messages, Raggo stated, it could trigger a knee-jerk public reaction impacting stock markets, threatening national security or even possibly sparking military tension. "Everyone in today's always-connected society must be maintaining a high-level of security awareness, especially media companies as they serve as news mouthpieces of our nation."

Further, as accounts continue to be hijacked, Raggo added, organizations need to enforce the same password policies as they do for the rest of their enterprise, in particular two-factor or two-step verification.