Spammers have recently hacked the account of Twitter phenomenon
"Sh*tMyDadSays", posting a message to the popular page's 1.8
million followers. The tweet, which has since been removed, said
"wow I just got a free dell laptop LOL" and contained a shortened
link to a 'make-money-fast' website.
In the past, well-known figures such as television presenter
Kirsty Allsopp, musician Axl Rose and politician Ed Miliband have
had their Twitter accounts compromised. Organisations such as the
New York Times and BP America have also had their Twitter accounts
broken into by hackers.
"Of course it's serious when such a popular Twitter account has
its security breached. In theory, malicious hackers could have
posted a link to malware or a phishing site - rather than just what
appears to be a more traditional spam page," said Graham
Cluley, senior technology consultant at Sophos. "It's unclear
on this occasion whether the Twitter password was phished, whether
it was cracked through a dictionary attack or spyware, or whether
the person behind "Sh*tMyDadSays" made the mistake of using the
same password on multiple websites. Computer users should always
choose a hard-to-guess non-dictionary word as a Twitter password,
and never use the same password on multiple websites."
More information about the scam, including images and a video
that advises users on how to choose strong passwords, can be found
on the Naked Security blog.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.