BK Hack Triggers Twitter Password Smackdown

  /     /     /  
Publicated : 22/11/2024   Category : security


BK Hack Triggers Twitter Password Smackdown


Operation Whopper takeover of Burger King and Jeep Twitter accounts, and spoof hacks by MTV and BET, trigger Twitters friendly reminder to use strong passwords.



Whopper alert: The king had sold out to the clown.
We just got sold to McDonalds! Look for McDonalds in a hood near you, read a tweet -- since deleted -- that was posted to the official Burger King Twitter page, which was also changed to sport a McDonalds logo.
In fact, the
merger between BK and McDonalds
turned out to be nothing more than a bit of online
lulz
, as part of what an unidentified group of hackers provocatively dubbed OpMadCow and OpWhopper. The same group hacked into the official Twitter account for Chrysler division Jeep, issuing this tweet: The official Twitter handle for Jeep -- Just Empty Every Pocket, Sold To Cadillac.
The hacking of the Burger King and Jeep accounts led Twitters director of information security, Bob Lord, to issue a
friendly reminder about password security
in a blog post Tuesday, thus suggesting that the Twitter accounts were hijacked thanks to users poor password hygiene practices.
Lord said to beware suspicious links, not share usernames and passwords with others, keep operating systems and antivirus patched and up to date, and pick strong passwords. Your password should be at least 10 characters that include upper and lower case characters, numbers and symbols. You should always use a unique password for each website you use; that way, if one account gets compromised, the rest are safe, he said.
[ Attend
Interop Las Vegas
, May 6-10, and get the most thorough training on Apple Deployment at the NEW Mac & iOS IT Conference. Use Priority Code DIPR02 by March 2 to save up to $500. ]
But the account hijackings, and Lords anodyne security response, raise the question of whether Twitters own information security model is strong enough to secure corporate accounts. Chrysler, for its part, regained control of the Jeep account roughly 80 minutes later. Hacking: Definitely not a #Jeep thing. Were back in the drivers seat! read a Jeep tweet.
Meanwhile, in a metaphysical pop culture turn, the Burger King and Jeep account hacks led MTV and BET -- both owned by Viacom -- to swap the corporate logos on their respective Twitter account pages and claim that they too had been hacked. We totally Catfish-ed you guys. Thanks for playing! read a
tweet from MTV
, referring to its own
Catfish
TV show, in which participants learn whether people theyve met online are telling the truth about their identity.
When asked whether the fake hijacking might have violated Twitters terms of service, a spokeswoman replied via email, We dont comment on individual accounts. But she also pointed to Twitters
terms of service
and
rules
, which on the subject of impersonation state: You may not impersonate others through the Twitter service in a manner that does or is intended to mislead, confuse or deceive others.
Publicity stunts aside, who was behind the real hacks? That remains unclear, although whoever was responsible
referenced Chicago rap
while giving shout-outs to the Defonic Team Screen Name Club (DFNCTSC), who
hacked Paris Hiltons T-Mobile Sidekick
in 2005. But when asked if that group was behind the BK account takeover, the gang controlling the Twitter feed replied, nope #lulzsec foo[l], referring to the Anonymous spin-off known as
LulzSec
.
Suspicion also fell on YourAnonNews, which reported the Jeep breach, but its denied any responsibility for the account takeover. Dear media, re: @Jeep. #BlameAnonymous, read a
tweet from YourAnonNews
.
These are far from the first-ever Twitter account takeovers, which have previously affected everyone from
Fox News
and
Israeli government officials
to
journalist Mat Honan
, who was life hacked as part of one hackers successful quest to seize control of Honans Twitter feed.
The Burger King account takeover hardly counts as a national security matter, especially in a week when new evidence has further suggested that
China is fielding APT groups
;
Apple, Facebook and Twitter
appeared to have been compromised by the same group of attackers; and the White House issued a new strategy against online criminals who target trade secrets.
But Twitters password advice begs the question of when the social network might improve the security options it offers users. Why not start by moving beyond mere passwords to
catch up with Google
and
Dropbox
and finally offer two-factor authentication? The companys moves in that direction were recently suggested when a
Twitter job listing for a software engineer
listed multi-factor authentication skills as a requirement.
When asked about Twitters two-factor authentication plans, however, a Twitter spokeswoman said via email Thursday: We dont have anything specific to share on this.

Last News

▸ There are plenty of online tools for reporting bugs. ◂
Discovered: 23/12/2024
Category: security

▸ 27 Million South Koreans Hit by Online Gaming Theft. ◂
Discovered: 23/12/2024
Category: security

▸ Homeland Security Background Checks Breach Raises Concerns. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
BK Hack Triggers Twitter Password Smackdown