With a lot of Twitter accounts lying dormant, hackers using a decade-old flaw are taking control of them to spread Islamic State (IS) propaganda, according to a TechCrunch report. Though Twitter claims to have suspended many of these accounts, some are still active, and tweeting messages supporting violence.

The report said the hackers were exploiting Twitter’s legacy lack of email confirmation to take control of the dormant accounts that had been inactive for years.

In June 2018, Twitter introduced the requirement of confirming new accounts through an email address or phone number. Many older accounts are still unconfirmed. With email addresses used to resgister these accounts either non-existent or having expired, hackers are taking control of these dormant Twitter accounts by creating these email addresses.

Many of the hijacked accounts were found to be spreading propaganda, but were later suspended from the service, the report said, adding that the hackers often didn’t bother to change the bios on the account.

“The hijacked accounts we reviewed included Arabic-speaking videos of Islamic State fighters wielding weapons and other curated content. Others simply contained text — also in Arabic — that praised violence and other attacks, or retweeted other accounts,” said the TechCrunch report.

Responding to the issue, Twitter said it was trying to find a solution.

“Reusing email addresses in this manner is not a new issue for Twitter or other online services,” a Twitter spokesperson told TechCrunch, adding: “For our part, our teams are aware and are working to identify solutions that can help keep Twitter accounts safe and secure.”

Since August 2015, Twitter has removed over 1.2 million accounts that promoted terrorism.