The Twitter accounts of Eamonn Holmes, Louis Theroux, and several other celebrities briefly shows messages saying they had been taken over by Insinia Security last week, as the firm tried to prove to the social media platform that it was easy to bypass their security features.
In a blog post, Insinia said it managed the feat by analysing the way Twitter handles messages posted by phone, as simply knowing a user's phone number can be enough to gain access to their account.
The security firm went on to claim they have warned Twitter about this feature on multiple occasions to no avail.
But the firm has received backlash for their methods in publicising the issue, as travel journalist Simon Calder, who had his account hacked, told the BBC the attack had been done without his permission, and described it as a "tedious" and "annoying" experience that had left him feeling unimpressed.
One cyber security expert claimed that whilst it is often normal practice for a company to hack their own accounts for "proof of concept", it shouldn't be done on unaware members of the public.
Professor Alan Woodward from the University of Surrey said: "Interfering with many people's accounts in this way is irresponsible.
"As frustrating as it might be for the researchers in question when Twitter maintain this functionality that can be abused, unauthorised interference with accounts is unacceptable."
But Insinia insist there was nothing "malicious" about their hacking, and they only had "passive interaction" with the Twitter accounts.
Mike Godfrey, chief executive of Insinia said: "Nothing has been maliciously hacked. We have not had access to any Twitter account and have not seen any of their direct messages. There's nothing unethical or irresponsible about what we did."