Ringo Starr’s Twitter account hacked (peace and love)

Ringo Starr is the latest celebrity to have his Twitter account hacked.

The account, @ringostarrmusic, famously eschews correct punctuation and other grammatical niceties, goes large on the emojis, and includes the words peace and love in almost every tweet:

Occasionally, an entire tweet may be emojis, but two of them will stand in for the text love and peace:

The hack was rather obvious, as the tweets reverted to a much plainer form (and were much less interesting, if the truth be told):

Order, or perhaps ordered disorder, has now been restored, and the interloper’s tweets have gone.

We can smile at this hack now, but not all of us could roll with a hacker’s punches quite as effortlessly as Ringo, and not all hackers would be quite so obvious once they’d achieved their goal.

LESSONS TO LEARN

There are some important lessons to be learned here.

Apparently, a marketing person at Ringo’s music company had his email account compromised, meaning that the hacker could read incoming emails to that account.

The owner of the email account had access to Ringo’s Twitter, so the crook was able to perform a password reset on the Twitter account, intercept the email containing the link to approve the reset, and jump right in.

Having reset the password on the Twitter account, the intruder was able to set his own password, and go into @ringostarrmusic’s profile and change the email address…

…thus preventing the victim from getting back in and regaining control of the account.

What this means, of course, is that the security of your email account is paramount.

Generally speaking, once a crook controls your email account, he controls many, if not all, of your other important accounts.

In other words, losing control of your email account doesn’t just put you at risk of the crooks learning all about you, and perhaps contacting your customers to organise payment scams. (That’s where a crook sends messages from your email address to tell a debtor to start using a different bank account for payments.)

It often gives the crooks control over resetting the password on all your other accounts.
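The chain described above (compromised mailbox, password reset request, reset link read from the inbox, contact address switched to lock the owner out) can be modelled in a few lines. The example below is added here and is not Sophos code or the code of any real service; the addresses and passwords are constructed placeholders. It runs the same three attacker steps against two versions of a toy account service: one in which the mailbox alone proves identity, and one in which completing a reset also needs a second factor and changing the contact address needs the current password plus a notice to the old address.

```python
import hashlib
import secrets
from dataclasses import dataclass, field

# Constructed placeholders; nothing here is taken from the article.
VICTIM_EMAIL = "marketing@example.invalid"
ATTACKER_EMAIL = "attacker@example.invalid"


def hash_pw(pw: str) -> str:
    # Illustrative only: a real service uses a slow, salted KDF such as argon2 or bcrypt.
    return hashlib.sha256(pw.encode()).hexdigest()


@dataclass
class Account:
    email: str
    password_hash: str
    second_factor: bool = False  # True when a 2FA device is enrolled


@dataclass
class Outbox:
    # Mail the service has "sent", keyed by recipient address.
    mail: dict = field(default_factory=dict)

    def send(self, to: str, subject: str, body: str) -> None:
        self.mail.setdefault(to, []).append((subject, body))


class AccountService:
    """hardened=False: the mailbox is the only proof of identity (the flow in the article).
    hardened=True: a reset also needs the second factor, and an email change needs the
    current password and a notification to the old address."""

    def __init__(self, hardened: bool):
        self.hardened = hardened
        self.accounts = {}       # email -> Account
        self.outbox = Outbox()
        self.reset_tokens = {}   # one-time token -> account email

    def register(self, email, password, second_factor=False):
        self.accounts[email] = Account(email, hash_pw(password), second_factor)

    def request_reset(self, email):
        token = secrets.token_urlsafe(16)
        self.reset_tokens[token] = email
        self.outbox.send(email, "password reset", token)

    def complete_reset(self, token, new_password, second_factor_ok=False) -> bool:
        email = self.reset_tokens.pop(token, None)   # token is single-use
        if email is None:
            return False
        acct = self.accounts[email]
        if self.hardened and acct.second_factor and not second_factor_ok:
            return False   # a token read out of the mailbox is not enough on its own
        acct.password_hash = hash_pw(new_password)
        return True

    def login(self, email, password) -> bool:
        acct = self.accounts.get(email)
        return acct is not None and acct.password_hash == hash_pw(password)

    def change_email(self, email, new_email, current_password=None, second_factor_ok=False) -> bool:
        acct = self.accounts[email]
        if self.hardened:
            if current_password is None or acct.password_hash != hash_pw(current_password):
                return False
            if acct.second_factor and not second_factor_ok:
                return False
            # The old address is told, so the real owner has a chance to react.
            self.outbox.send(email, "contact address changed", f"now {new_email}")
        del self.accounts[email]
        acct.email = new_email
        self.accounts[new_email] = acct
        return True


def simulate_takeover(hardened: bool) -> dict:
    """Replay the article's three attacker steps; the attacker can read the victim's mailbox."""
    svc = AccountService(hardened)
    svc.register(VICTIM_EMAIL, "correct horse battery", second_factor=True)
    svc.request_reset(VICTIM_EMAIL)                          # step 1: ask for a reset
    token = svc.outbox.mail[VICTIM_EMAIL][-1][1]             # step 2: read it from the inbox
    reset_ok = svc.complete_reset(token, "attacker-chosen")
    moved = reset_ok and svc.change_email(VICTIM_EMAIL, ATTACKER_EMAIL, "attacker-chosen")  # step 3
    return {
        "attacker_in": svc.login(ATTACKER_EMAIL if moved else VICTIM_EMAIL, "attacker-chosen"),
        "victim_can_recover": VICTIM_EMAIL in svc.accounts,
    }


if __name__ == "__main__":
    print("mailbox-only reset:", simulate_takeover(hardened=False))
    print("2FA-gated reset:   ", simulate_takeover(hardened=True))
```

In the mailbox-only service the attacker ends up logged in under their own address and the victim's address no longer exists on the account. In the hardened service the same three steps stop at the reset, because the token alone does not satisfy the second-factor check, so the password and contact address are untouched. The notice to the old address is a second, weaker layer: it does not stop someone who already reads that mailbox, but it gives the owner a record of the change.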

In the @ringostarrmusic case, the hacker claims to have got past two security questions required to reset the victim’s email password.

Security questions are those secondary passwords that you don’t need often, and so aren’t supposed to be easy for a crook to shoulder-surf, or key-log, or acquire in some other way.

Here, however, the hacker says that all he needed was the marketing person’s birthday and his nephew’s name, both of which could be found on Facebook.

WHAT TO DO?
