Popular Twitter account - Sh*tMyDadSays - hacked by spammers, Sophos reports

November 10, 2010 Sophos Press Release

Spammers have recently hacked the account of Twitter phenomenon "Sh*tMyDadSays", posting a message to the popular page's 1.8 million followers. The tweet, which has since been removed, said "wow I just got a free dell laptop LOL" and contained a shortened link to a 'make-money-fast' website.

In the past, well-known figures such as television presenter Kirstie Allsopp, musician Axl Rose and politician Ed Miliband have had their Twitter accounts compromised. Organisations such as the New York Times and BP America have also had their Twitter accounts broken into by hackers.

"Of course it's serious when such a popular Twitter account has its security breached. In theory, malicious hackers could have posted a link to malware or a phishing site - rather than just what appears to be a more traditional spam page," said Graham Cluley, senior technology consultant at Sophos. "It's unclear on this occasion whether the Twitter password was phished, whether it was cracked through a dictionary attack or spyware, or whether the person behind 'Sh*tMyDadSays' made the mistake of using the same password on multiple websites. Computer users should always choose a hard-to-guess non-dictionary word as a Twitter password, and never use the same password on multiple websites."

More information about the scam, including images and a video that advises users on how to choose strong passwords, can be found on Sophos's Naked Security blog.