Online criminals hijacked the Twitter account of Hollywood actor Kevin Bacon earlier this week, in an attempt to steal the passwords of the star’s hundreds of thousands of followers.
Bacon, who is probably almost as well known for the “Six degrees of Kevin Bacon” trivia game as he is for his prolific movie career, had his Twitter account hacked on Sunday, when it began to post messages designed to entice readers into clicking on a dangerous link to discover more.
If you did find yourself clicking on the link, whose true destination had been hidden by use of the bit.do (not to be confused with bit.ly) URL shortener, you would find your browser had taken you to what appeared to be a Twitter login page.
Of course, careful examination of the URL in the browser’s address bar reveals that it’s not a page hosted on Twitter’s own servers.
If you did make the mistake of entering your username and password at this point, you would have handed over your login credentials to online criminals - who could later exploit them to compromise your own account, and perhaps send spam messages or malicious links to your friends and followers.
The good news is that Kevin Bacon appears to have realised that the unauthorised tweets had been sent from his account pretty quickly, and posted a message apologising to fans and saying that he had changed his password.
Kevin Bacon says his new password is EggsN'. Geddit?
An obvious question is how was Kevin Bacon’s Twitter account hacked. Was he using the same password in multiple places (and perhaps hacked elsewhere)? Or did he himself fall for a phishing attack?
I was interested to see Eduard Kovacs of Softpedia note that despite apologising to his followers for the phishing messages, Kevin Bacon still hasn’t actually removed them from his Twitter page.
Maybe he would be sensible to take a little less time making bad puns, and put a little more effort into cleaning up the dangerous links that the phishers have left lying around. After all, a Twitter hacking is no yolk. [Sorry, I’m so sorry]