date 2016-10-17

Half an hour later, the tweets, which linked to adult websites, were deleted.

The Twitter account of Chief Economic Adviser (CEA) Arvind Subramanian was hacked on Monday evening.

A couple of tweets from Mr Subramanian’s account linked to adult websites.

After half an hour, the tweets were deleted and the CEA clarified: “My twitter account was hacked. My profuse apologies for the nuisance/offensive tweets that were sent out as a result.”

How does an account get hacked?

Twitter support says that accounts may become compromised “if you've entrusted your username and password to a malicious third-party application or website, if your Twitter account is vulnerable due to a weak password, if viruses or malware on your computer are collecting passwords, or if you're on a compromised network.”

Unless there is a major security breach — which generally happens when a bug in the application software has been identified and exploited — a compromised account is a result of an individual’s own action and not due to someone’s engineering skills.

Here are some ways in which an account can be hacked or tweets be posted from an account:

1. A user logs in to Twitter on a public computer, forgets to log out, and a passer-by gets access to the account. But, in that case, the person doesn’t get to know the password. It could also be a mischievous act of an insider — tweeting from Mr Subramanian’s smartphone or personal computer in his absence.

2. Phishing: Fraudulent emails ask users to click on a link and then request personal information or login details. Getting the user to fall for such traps is called ‘Social Engineering’.

Here is a commonly employed trick: Lead the user who clicks the email link to a clone of Twitter’s website, asking for login details in order to access a particular application. Of course, the website address is not twitter.com — if the user is careful enough to notice. Logging in for the first time will show the user ‘wrong password’ error, even if the credentials are right. It is at this step that login details are captured. Following that, the user will be directed to the actual site — twitter.com — where one can easily log in and the user won’t even get to know that the account has been compromised.
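A defensive check for the look-alike address described above, as an added example that is not part of the original article: a link counts as Twitter's only when the host the browser would actually connect to is twitter.com or one of its subdomains, over HTTPS. The function name, verdict labels and sample links are assumptions made for illustration; the links are constructed and use reserved `.example` names.

```python
from urllib.parse import urlsplit

TRUSTED = "twitter.com"  # assumption: only this domain and its subdomains are genuine
BRAND = "twitter"

def classify_link(url):
    """Return 'genuine', 'insecure', 'lookalike' or 'unrelated' for a link in an e-mail."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
        # Internationalised names can imitate ASCII letters, so compare the punycode form.
        host = host.encode("idna").decode("ascii")
    except (ValueError, UnicodeError):
        return "lookalike"  # malformed address: never treat it as the real site
    # Exact match or a true subdomain; a substring test would accept clone hosts.
    if host == TRUSTED or host.endswith("." + TRUSTED):
        return "genuine" if parts.scheme == "https" else "insecure"
    # The brand appearing anywhere else (userinfo before '@', a left-hand label,
    # the path) or a punycode host is the clone-site pattern.
    if BRAND in url.lower() or "xn--" in host:
        return "lookalike"
    return "unrelated"

# Constructed sample links, not taken from any real campaign.
SAMPLES = [
    "https://twitter.com/login",
    "https://mobile.twitter.com/home",
    "http://twitter.com/login",
    "https://twitter.com.login.example/verify",
    "https://twitter.com@login.example/verify",
    "https://twitter-support.example/login",
    "https://tw\u00edtter.com/login",
    "https://news.example/story",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):10} {link}")
```
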

There are more tricks!

3. Saved your password in the web browser, where the password is shown behind asterisks after you log out? If yes, then someone with basic HTML skills, who has access to your computer, will take less than 30 seconds to see your password. By right-clicking on the password box and clicking ‘Inspect Element’, one can change the password shown as asterisks to plain text — leaving your password exposed.