Dec 27, 2022 - 16:15
Dec 28, 2022 - 14:33
Piers Morgan Twitter Hacked - How it Happened

Piers Morgan has a substantial Twitter following of 8.3 million (to date) and is also a controversial character, which makes him a target for bad actors who may wish to gain financially from compromising such a large account. Due to Elon Musk's takeover, the racist abuse posted on Twitter has not been removed; however, his account has been flagged internally, which blacklists his account and his tweets from being found in searches.

You can only view his account by visiting his page directly. This might be the type of moderation Twitter enforces in the future when accounts post content that is viewed as offensive, so that fewer people will see the abusive tweets.

The first tweet is partially censored, as the N-word has been posted. The tweets are nonsensical, and the account was more than likely compromised by a teenager who may be active on BreachForums. BreachForums is a forum where stolen data is sold or exchanged; it replaced RaidForums after that forum was seized.

So how did this bad actor compromise Piers Morgan's Twitter? 

Four days ago on BreachForums, a user by the name of "Ryushi" posted a thread selling scraped Twitter data of celebrities, including emails and phone numbers. In the free sample of data, Piers Morgan had his email and phone number posted, which may indicate the compromise was based on a SIM-swapping social engineering attack. With Piers being a public figure, much of his personal information can be found online, which makes social engineering simple.

[email protected],Piers Morgan,piersmorgan,8000666,Tue Nov 16 09:37:44 +0000 2010

However, if SIM swapping was not a possibility, Piers's personal email address appeared in multiple data breaches, which utilised the same password. This password could have been re-used on either his email or Twitter itself.

data: [email protected]:tierr***

Piers's password has been partially censored so that this data is not misused. It is also possible that BT could have been social engineered into resetting the password to the email account. After 15 hours to date, Piers Morgan has not been able to recover his Twitter account; this could indicate that multiple accounts were compromised to prevent him from regaining access.

A review of Piers Morgan's BT email found that his account has been flagged as "compromised", which explicitly shows that multiple attack surfaces are being targeted by bad actors to infiltrate Piers's personal email and data.