Skip to main content

The British army socials hack: what happened?

In early July, the British army confirmed that two of its social media accounts had been breached; their Twitter, and YouTube accounts. We’ve taken a look at the hack and what it can teach us about security.

What happened to the British army socials?

The first weekend of July, the British army’s Twitter and YouTube were hacked. Their Twitter account name was changed to ‘psssd’ with its profile picture and banner were changed to images of NFT’s (non-fungible token). Their YouTube had been changed to ‘Ark Invest’, an investment business from Florida. By Sunday, control of these accounts had returned to the British army.

The commonality between both of these account changes appeared to be that they were endorsing cryptocurrency scams; encouraging followers to invest in fake online currencies. The cryptocurrency market crashed significantly in May 2021, with the value of NFT’s reaching a 12-month low in June.

A calculated attack, or a harmless hack?

In 2013, the British armed forces were told that they could be ‘fatally compromised’ by a concentrated cyber attack, and that the security of their computer systems needed to be improved by the government.

In January of this year, a cyber-attack was carried out against the UK’s Defence Academy, resulting in ‘significant’ damage. As such, the British army socials hack at the beginning of July is second cyber attack on the UK armed forces in six months. 

Although the January cyber attack and the July cyber attack were very different, both in terms of intention and damage caused, it does indicate that cybersecurity cannot be overlooked. Although the British army socials hack didn’t appear to be the work of terrorist organisations, it clearly could have caused extensive damage had the hackers’ intentions been different.

How did the British army socials hack happen?

We aren’t sure how these hacks occurred, as very little information has been provided by the British army. However, the cyber attack does raise a number of questions around the kind of security used for these social media accounts. Were the passwords for these accounts guessed or discovered? Were these accounts protected by two factor authentication? And how were both hacked in unison?

We are unlikely to get the answers to these questions, and of course, this cyber attack may be far more elaborate than we are aware of. However, this hack does serve to remind us about the importance of cyber-security, secure passwords, and the importance of multi-factor authentication.

Cybersecurity, and two factor authentication

At minimum, Twitter and YouTube require an email address and a password to sign in. Additionally, both applications offer two factor authentication, whereby a person signing into their account has to provide an additional piece of information, such as a biometric like TouchID or FaceID, or a security key sent to a smartphone.

When two-factor authentication is turned off, accounts which use a password and an email account to log in are vulnerable to a number of cyber attacks. These include credential stuffing, where a hacker finds account details from a poorly protected website the victim has signed up to, and tries the same details in other websites. Accounts can also be vulnerable to password spraying, where the most popular passwords are tried against a victim’s email address to see if one of them works.

By turning on two factor authentication, users can completely eliminate the potential for these cyber attacks. Although this won’t protect your accounts entirely, it will make it much more difficult for a hacker to access your account. 

Turn on two factor authentication

It isn’t possible to be unhackable, but we can make use of all of the security features made available to us by turning on two factor authentication wherever possible. Take the extra time to protect your account details, and you’ll save time recovering from a hack in the future.

Keep your staff safe with U-Secure

If you’re running a business and you’re worried about cyber security, it’s worth considering U-Secure. U-Secure provides cyber security training to your employees, consisting of short training courses and quizzes to educate them about common security scams, to test their understanding. 

Courses are ten minutes long, and are emailed to employees automatically. The results are recorded for your organisation, so that businesses can see how educated they are, and which employees need help or further training in order to protect themselves and your organisation.

As a U-secure partner Transcendit offers a 30-minute demo of the software, so we can talk you through how it works and get it set up for your business.

Prioritise cyber security, and give us call us on 0191 482 0444 to try out U-Secure


The Transcendit Way

Transcendit understand that when you choose to work with us, whether we're taking care of your IT, app or web development, you're trusting us with part of your business. So whether we're looking after your computers, phone systems or servers we always do things 'the Transcendit way'.

The whole of our team adhere to the same values, beliefs and policies - the principles that were written when Transcendit first formed in 2000. Whether you come to us for cloud services or recovery backup you can be confident that you'll always receive the same excellent service.

The Transcendit way outlines how we do business; following the same straightforward principles with every client and customer, regardless of how big or small they may be.

That means we get to know you and your business. We offer you a friendly, professional and efficient service, and we'll always be honest with you.
We understand that not everybody speaks fluent IT, so we try to explain things in a way that is simple and clear. We always spend as much time as is necessary explaining things to you.
If you need to talk to us about something, no matter how insignificant, we are only ever a phone call away – and we’re never too busy to make you a cup of tea and have a sit down with you in person.
We understand how frustrating it can be when things are late. When we schedule an appointment with you, we are there when you’re expecting us. If something prevents us from getting there, we always call you in advance to let you know.
Sometimes things can go wrong, but we never lie to you or try to cover something up. If things go askew we tell you what’s happened and how we plan to prevent it affecting your business.
We want you to continuously benefit from working with us. We regularly discuss your business and make suggestions for improving systems and processes wherever we can – but we never try to push you into a purchase.
When we quote a fixed price, that's always the amount we charge – you won’t find any nasty surprises on a bill from us. If you are paying by time and materials, we inform you if our approximations could change.
We understand the importance of privacy for your business and your customers. We respect the confidentiality of your data, and we will never pass on your information to third parties.
We appreciate it when you take the time to give us feedback. A system called CustomerSure records our client's responses, so you can trust that our reviews are from real people.
Find out what they're saying here.
As always the support team are efficient and effective. Darlington Golf Club

Based on 11207 reviews our customers rate us 9.8/10. Reviews and ratings by Customersure. 17-January-2024

Transcendit are proud sponsors of CHUF, the Children's Heart Unit Fund.

Transcendit is a Living Wage employer
Transcendit is a Microsoft Gold certified partner
VMWARE partner
Vipre partner
IPCortex partner
WithSecure partner
DELL partner
Barracuda partner
Veeam partner
N-Able partner