Popular Twitter account - Sh*tMyDadSays - hacked by spammers, Sophos reports

Sophos Press Release

Poor password security?

Spammers have recently hacked the account of Twitter phenomenon "Sh*tMyDadSays", posting a message to the popular page's 1.8 million followers. The tweet, which has since been removed, said "wow I just got a free dell laptop LOL" and contained a shortened link to a 'make-money-fast' website.

In the past, well-known figures such as television presenter Kirsty Allsopp, musician Axl Rose and politician Ed Miliband have had their Twitter accounts compromised. Organisations such as the New York Times and BP America have also had their Twitter accounts broken into by hackers.

"Of course it's serious when such a popular Twitter account has its security breached. In theory, malicious hackers could have posted a link to malware or a phishing site - rather than just what appears to be a more traditional spam page," said Graham Cluley, senior technology consultant at Sophos. "It's unclear on this occasion whether the Twitter password was phished, whether it was cracked through a dictionary attack or spyware, or whether the person behind "Sh*tMyDadSays" made the mistake of using the same password on multiple websites. Computer users should always choose a hard-to-guess non-dictionary word as a Twitter password, and never use the same password on multiple websites."

More information about the scam, including images and a video that advises users on how to choose strong passwords, can be found on Sophos's Naked Security blog.

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at www.sophos.com/company.