Posts Tagged ‘hacked on twitter’
2013 was a great year for social media but a somewhat forgettable one for online security, with a series of high-profile software glitches and exploits causing a lot of damage, both in reputations and finances, throughout the year.
If your Twitter profile has been behaving in a strange way and doing things like sending out tweets you didn’t write, following other users you didn’t authorise and telling everyone you know about the latest amazing diet tips and must-see celebrity nudity, chances are your account has been exploited.
You’ve likely heard about Buffer’s hacking incident this past weekend, during which a security breach caused 30,000 Buffer users who had a Facebook page connected (6.3% of Buffer users on Facebook) to have spam posted on their behalf to their followers, and affected a considerable number of Buffer Twitter users as well.
The Buffer team has now determined the method which left their data vulnerable, and locked and secured it against future hacking. But all Buffer users who have their Twitter account connected to their Buffer profile must take the following step in order to continue using Buffer.
There has been a flurry of Twitter account hacks recently, what with our neighborhood villains over at the Syrian Electronic Army phishing every media outlet in the Western pond. NPR, BBC, Associated Press, and even The Onion (is nothing sacred?) have all fallen victim to their hacktivist wiles.
The good news: In response to the AP hack that threw the stock market for a loop nearly a month ago, Twitter has introduced a brand-new two-step authentication option that makes it much harder for hackers to worm their way into Twitter accounts. But how many of our nation’s celebrities had to suffer before this new and improved system was put into effect? Well, a bunch of them. Read on to find out what hackers had to say when they assumed the voices of America’s sweethearts and rock stars in 140 characters or less.
Twitter’s good for many things, but the popularity of the micro-blogging network with celebrities has also made it a rich resource for hackers looking to exploit the accounts of the rich and famous to spread malicious scripts and unsavoury messages amongst their millions of fans.
Axl Rose, Britney Spears, Lil Wayne and Ashton Kutcher have all been the victims of a hacked Twitter profile in the past. And now, reports Graham Cluley at Sophos, the latest member of this club is British comedic actor Simon Pegg.
Remember the days when Ashton Kutcher (@aplusk) ruled the Twitter roost as the most-followed (and by definition, most popular) user on the network? Kutcher will always hold a very important milestone as the first profile to reach one million followers.
Well, times change, and Kutcher is rapidly on his way out of Twitter’s top 10 most-followed accounts. Give it a few months, and he’ll be gone.
And if all that wasn’t bad enough for Ashton, now his Twitter profile has been hacked. And the exploiter’s messages have been retweeted by hundreds of people.
Kutcher, who is currently attending TED 2011, appears to have been hacked by somebody with a very firm agenda – namely, Twitter’s insistence on not forcing the use of HTTPS for user sessions. Which in plain English means that while they maintain this level of security, everybody is at risk of being hacked, certainly if you access Twitter whilst out and about.
As senior technology consultant (and online security maestro) Graham Cluley explains at Naked Security:
Tools such as Firesheep make it child’s play for anybody sitting close to you to jump onto your Facebook or Twitter session if you’re using unencrypted WiFi without an SSL connection, for example at a free WiFi hotspot.
Wouldn’t it be great if Twitter forced the use of HTTPS at all times? Clearly whoever hacked into Ashton Kutcher’s Twitter account feels the same.
The insecure Twitter and Facebook accounts of some celebrities offer a very tempting target for cybercriminals who may wish to spread their dangerous or spammy links to millions of followers. We should just be grateful that on this occasion the hack appears to have taken place to promote better awareness of the need for better security, rather than with more malicious intent.
8 hours later, Kutcher’s account still appears to be hacked, as the messages are intact and nobody is doing anything about it. How embarrassing, especially whilst at such a high-profile, super-intellectual think-tank as TED. And you have to wonder if this would have taken so long to repair if Ashton was still Twitter’s top dog.
(Hat tip: Graham Cluley.)
Over at the official Twitter blog, there’s news of a new internal URL shortener that Twitter has added to the platform.
The shortener, twt.tl, cannot be accessed directly at the moment. Instead, Twitter plans to route all submitted URLs through this new service so that it can “detect, intercept, and prevent the spread of bad links across all of Twitter”, adding that even if a link is shared by a different method (i.e., email notification), they will be able to keep the user safe.
Since these attacks occur primarily on Direct Messages and email notifications about Direct Messages, this is where we have focused our initial efforts. For the most part, you will not notice this feature because it works behind the scenes but you may notice links shortened to twt.tl in Direct Messages and email notifications.
It’s worth noting that when you see a URL shortened to twt.tl it doesn’t mean that the contents of that link are bad. One assumes that when malicious data is contained within a link, Twitter will simply re-route the user through to a stop page that prevents them from being affected, hopefully with an explanation as to what happened, alongside some encouragement not to retweet.
More details as they emerge.