Mind your company’s old Twitter accounts, rather than allowing them to be hijacked by hackers

Graham Cluley

There were only 13 episodes of the science fiction TV show “Almost Human” aired before it was pulled from the schedules in 2014.

The show, starring Karl “Not the real McCoy” Urban and executive produced by J J Abrams, was cancelled after one season by Fox TV.

But, like so many TV series and films these days, “Almost Human” had a Twitter account. In fact, it has a “verified” Twitter account.

In its heyday, @AlmostHumanFOX looked like this:

[Screenshot: the old @AlmostHumanFOX Twitter profile]

But, as The Next Web reports, it doesn’t look like that anymore.

Because it appears that hackers seized control of the moribund Twitter account and gave it a new lease of life promoting cryptocurrency scams.

In a screenshot published by The Next Web you can see that @AlmostHumanFox has retained its “verified” checkmark, but its display name has changed to that of Justin Sun, the boss of a Chinese blockchain startup called TRON.

[Screenshot: the @AlmostHumanFOX account after the takeover, with the TRON display name]

The real Justin Sun is getting close to half a million followers at @justinsuntron, and is presumably unconnected to the takeover of an unloved TV show’s old Twitter account.

My guess is that whoever has hijacked the @AlmostHumanFOX Twitter account is planning to use it to spread cryptocurrency giveaway scams – similar to those which have bedevilled other tech figures such as Elon Musk.

But I’m still bemused that the hackers managed to retain the “verified” checkmark on this hijacked Twitter account. Twitter has previously said that if a verified Twitter user changes their username they will have their verification checkmark revoked. (Clearly a sensible step to avoid malicious impersonation of online celebrities.)

Shouldn’t the same protection mechanism be in place if a verified user changes their display name?

Twitter needs to look into this, as the problem of bogus users promoting scams is just getting worse.

And if you work at a company which has Twitter accounts that it simply doesn’t use any more – maybe it would be for the best if you took better care of them to avoid scammers breaking in.

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

One Reply to “Mind your company’s old Twitter accounts, rather than allowing them to be hijacked by hackers”

  1. Another good idea for them would be to not create new Twitter accounts just for a certain show; just put it all in a Twitter account about more than a single thing.
