Kevin Bacon has his Twitter hacked - six degrees leads to something phishy

Online criminals hijacked the Twitter account of Hollywood actor Kevin Bacon earlier this week, in an attempt to steal the passwords of the star's hundreds of thousands of followers.

Bacon, who is probably almost as well known for the "Six degrees of Kevin Bacon" trivia game as he is for his prolific movie career, had his Twitter account hacked on Sunday, when it began to post messages designed to entice readers into clicking on a dangerous link to discover more.

Did anyone see this? She is way too young for that [LINK]

Phishing tweets on Kevin Bacon's account

If you did find yourself clicking on the link, whose true destination had been hidden by use of the bit.do (not to be confused with bit.ly) URL shortener, you would find your browser had taken you to what appeared to be a Twitter login page.

Kevin Bacon phishing page

Of course, careful examination of the URL in the browser's address bar reveals that it's not a page hosted on Twitter's own servers.

If you did make the mistake of entering your username and password at this point, you would have handed over your login credentials to online criminals - who could later exploit them to compromise your own account, and perhaps send spam messages or malicious links to your friends and followers.
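The address-bar check described above can also be done mechanically. This is an added example, not code from the original article; the trusted-domain list, the HTTPS requirement and the sample links (on the reserved .example domain) are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumptions for this example, not taken from the article:
TRUSTED_DOMAINS = ("twitter.com",)   # domains accepted as the real service
SHORTENERS = {"bit.do", "bit.ly"}    # the two shorteners the article names


def classify_link(url):
    """Return 'trusted', 'shortener' or 'untrusted' for a link."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return "untrusted"
    # .hostname drops any "user@" prefix and the port, and lowercases the
    # name, so "twitter.com@login.example" yields "login.example".
    host = (parts.hostname or "").rstrip(".")
    if host in SHORTENERS:
        # Destination is hidden until the short link is expanded.
        return "shortener"
    if parts.scheme != "https":
        return "untrusted"
    for domain in TRUSTED_DOMAINS:
        # Exact match or a true subdomain; a plain suffix test would
        # wrongly accept "nottwitter.com".
        if host == domain or host.endswith("." + domain):
            return "trusted"
    return "untrusted"


# Constructed sample links; .example is a reserved test domain.
SAMPLES = [
    "http://bit.do/EXAMPLE",
    "https://twitter.com/login",
    "https://mobile.twitter.com/session",
    "https://twitter.com.login.example/session",
    "https://twitter.com@login.example/",
    "https://nottwitter.com/login",
    "http://twitter.com/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):10} {link}")
```

A "shortener" result means the real destination is still unknown, so the expanded URL has to be classified again before any credentials are entered.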

The good news is that Kevin Bacon appears to have realised that the unauthorised tweets had been sent from his account pretty quickly, and posted a message apologising to fans and saying that he had changed his password.

Kevin Bacon apologises

Kevin Bacon says his new password is EggsN'. Geddit?

An obvious question is how Kevin Bacon's Twitter account was hacked. Was he using the same password in multiple places (and perhaps hacked elsewhere)? Or did he himself fall for a phishing attack?

I was interested to see Eduard Kovacs of Softpedia note that despite apologising to his followers for the phishing messages, Kevin Bacon still hasn't actually removed them from his Twitter page.

Maybe he would be sensible to take a little less time making bad puns, and put a little more effort into cleaning up the dangerous links that the phishers have left lying around. After all, a Twitter hacking is no yolk. [Sorry, I'm so sorry]
