Sophos: Popular Twitter account - SH*TMYDADSAYS - hacked by Spammers
November 2010 by Sophos
Spammers have recently hacked the account of Twitter phenomenon "Sh*tMyDadSays", posting a message to the popular page’s 1.8 million followers. The tweet, which has since been removed, said “wow I just got a free dell laptop LOL” and contained a shortened link to a ‘make-money-fast’ website.
In the past, well-known figures such as television presenter Kirstie Allsopp, musician Axl Rose and politician Ed Miliband have had their Twitter accounts compromised. Organisations such as the New York Times and BP America have also had their Twitter accounts broken into by hackers.
“Of course it’s serious when such a popular Twitter account has its security breached. In theory, malicious hackers could have posted a link to malware or a phishing site - rather than just what appears to be a more traditional spam page,” said Graham Cluley, senior technology consultant at Sophos. “It’s unclear on this occasion whether the Twitter password was phished, whether it was cracked through a dictionary attack or spyware, or whether the person behind ‘Sh*tMyDadSays’ made the mistake of using the same password on multiple websites. Computer users should always choose a hard-to-guess non-dictionary word as a Twitter password, and never use the same password on multiple websites.”