My Twitter was hacked, claims John McAfee

Graham Cluley

My Twitter was hacked, claims John McAfee

My Twitter was hacked, claims John McAfee

I can’t begin for one minute to imagine what it must feel like to be John McAfee.

He founded one of the world’s most famous security companies, disguised himself as a Guatemalan trinket salesman while on the run from the Belize police who wanted to question him about a murder, claimed he ran a team of 23 women to seduce and spy on his enemies in Belize, put himself forward as a possible candidate for the US Presidency in 2016, and said he would use “social engineering” to determine the iPhone passcode of one of the (dead) San Bernadino killers.

I could probably fill umpteen more paragraphs detailing the publicity-shy John McAfee’s colourful tales and unorthodox life.

So, what to make of his latest claim that his Twitter account was hacked?

John Mcafee tweet

McAfee’s “urgent” tweet came after a series of messages were posted to his account, encouraging his half a million followers to purchase lesser-known cryptocurrencies.

Coin of the day

The real John McAfee is no stranger to tweeting about which cryptocurrency his followers should invest in, so the “hacker” certainly wasn’t entirely clueless about how to blend in with the security veteran’s regular postings.

McAfee subsequently deleted the offending tweets, and claimed that “most likely” his mobile phone was compromised.

If we are to believe John McAfee, he’s a frequent target for hackers. And apparently it’s Twitter’s fault, not his.

“Though I am a security expert, I have no control over Twitter’s security. I have haters. I am a target. People make fake accounts, fake screenshots, fake claims. I am a target for hackers who lost money and blame me. Please take responsibility for yourselves. Adults only please.”

In response, to the alleged hack, John McAfee says he has disabled two-factor authentication (2FA) on his accounts. If you ask me, that’s a truly bizarre course of action – and one that I hope other Twitter followers do not emulate, especially as the site has just enhanced its 2FA security feature to properly support third-party authentication apps.

Is John McAfee telling the truth? Or spinning a fanciful yarn about his account being hacked for his own reasons?

I imagine my guess is as good as yours.

What I do know is that John McAfee has been caught out by poor security practices in the past, only to offer some eyebrow-raising and hard-to-swallow explanations later.

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

3 Replies to “My Twitter was hacked, claims John McAfee”

  1. It's a shame they didn't add after the '$BAT' a certain '$SHIT' and then '$CRAZY'. But I suspect they had their reasons.

    If I was a conspiracy theorist I would suggest he did it himself: as in he did it as a publicity stunt (nothing new), blamed Twitter (iirc nothing new to blame others) and then decided to stop giving advice (perhaps his best move yet?). That's an odd one of course, since it brings him less attention but who says conspiracy theories have to make sense? The fact he talks about disabling 2FA is also odd but that's kind of fitting for him, isn't it?

    I think the story is as mental as he is, frankly.

    Happy New Year btw. :) Long time it's been but hope you're doing well. I am doing superb although I still don't think I'll be around as much – just have a lot going on in my life.

  2. It's not a new topic, 2FA has been vulnerable for a while now if talking of using it with a phone and SS7 vulnerabilities. If being done with a physical token card, that's a bit different. Only reason this is garnering attention is due to the visibility of the individual involved.

    https://www.cyberscoop.com/finally-happened-criminals-exploit-ss7-vulnerabilities-prompting-concerns-2fa/

    http://www.securityweek.com/two-factor-authentication-bypassed-simple-attacks

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Never miss a thing. Sign up for the free GCHQ newsletter from Graham Cluley.
GET EMAIL UPDATES