Britney Spears isn't dead - but her TwitPic *is* hacked


She may very well be the name associated with more spam, virus and hack attacks than anyone else in history. Yes, step aside Paris, Angelina and Bill, my guess is that the name that hackers choose to exploit for their own ends more than any other is Britney Spears.

In a tasteless stunt that was seen by her two million followers, a hacker managed to post the following message to Britney Spears's Twitter stream earlier today:

Britney has passed today. It is a sad day for everyone. More news to come.

Britney's Twitter page announces that she has died

Interestingly, the fake story of Britney's death was posted to her Twitter followers via the TwitPic service, which automatically forwards messages to the associated Twitter account. There are a number of ways in which you can post a message on TwitPic - which is then echoed on Twitter - including logging on to the service or sending a picture to a unique email address.

It's possible that this last method of updating TwitPic is the prime suspect in this case, as the service just tweeted that they have fixed a vulnerability with their email posting functionality. There certainly has been a concern in the past that TwitPic relies upon a four digit PIN that could be cracked through brute force.

That would mean that I could post a message (and TwitPic link) on Britney's Twitter page if I could crack her four digit PIN and use it to email britneyspears.XXXX@twitpic.com (where XXXX are the four digits). That certainly doesn't seem like very good security.
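One way a mail gateway could spot guessing of the four digit posting PIN described above, as an added example (not TwitPic's code). The log record layout, the example.com domain, the threshold, the window and the function name are all assumptions.

```python
import re
from collections import defaultdict

# Posting address format from the article: <username>.<4-digit PIN>@<domain>
ADDR_RE = re.compile(r"^(?P<user>[a-z0-9_]+)\.(?P<pin>\d{4})@[a-z0-9.-]+$", re.I)

PIN_SPACE = 10 ** 4        # a four digit PIN gives only 10,000 addresses per account
DISTINCT_PIN_LIMIT = 5     # assumed threshold: a legitimate owner uses exactly one PIN
WINDOW_SECONDS = 3600      # assumed sliding window

# Constructed sample log: (epoch seconds, envelope sender, recipient)
SAMPLE_LOG = (
    [(1000 + 60 * i, "bob@mail.example", "bob.4821@example.com") for i in range(3)]
    + [(5000 + 2 * i, "x@mail.example", f"alice.{i:04d}@example.com") for i in range(8)]
    + [(9000, "alice@mail.example", "alice.7310@example.com")]
)

def find_pin_guessing(records, limit=DISTINCT_PIN_LIMIT, window=WINDOW_SECONDS):
    """Return {username: most distinct PINs seen in any window} for accounts over limit.

    Attempts are grouped by target username, not by sender, because the
    sender address is trivially varied between guesses.
    """
    per_user = defaultdict(list)
    for ts, _sender, rcpt in records:
        m = ADDR_RE.match(rcpt)
        if m:
            per_user[m["user"].lower()].append((ts, m["pin"]))

    flagged = {}
    for user, hits in per_user.items():
        hits.sort()
        start, worst = 0, 0
        for end in range(len(hits)):
            # Shrink the window until it spans at most `window` seconds.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            worst = max(worst, len({pin for _, pin in hits[start:end + 1]}))
        if worst > limit:
            flagged[user] = worst
    return flagged

if __name__ == "__main__":
    for user, pins in find_pin_guessing(SAMPLE_LOG).items():
        print(f"{user}: {pins} distinct PINs tried within {WINDOW_SECONDS}s "
              f"(keyspace is only {PIN_SPACE})")
```

Detection like this only limits how many guesses go unnoticed; the underlying fix is a posting secret far larger than four digits, with lockout after repeated wrong addresses.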

The picture on Britney Spears's TwitPic account and the fake post to Twitter have since been deleted, but followers of the popstar have been reassured that she has not died by the following update on the micro-blogging service:

Post on Britney Spears Twitter account about being hacked

The Twitter accounts of fellow celebrities Ellen DeGeneres and Diddy (also known as P Diddy or Puff Daddy or even Sean Combs - can't he make his mind up? Does he keep changing his name in an attempt to avoid income tax?) are also said to have published similar messages about their owners' demise.

I guess that the millions of people who follow these celebrities on Twitter have to be grateful that all they saw was a sick prank by hackers, rather than being put in danger by a malicious link to a website containing malware or a phishing page.

Curiously, Lindsay Lohan claimed last week to have also been on the receiving end of a hacker after someone posted a controversial picture on her TwitPic account (which was retweeted widely on Twitter).

However Britney's latest hack occurred, one thing is pretty clear: it's a pretty sick and tasteless joke. When I saw her Twitter feed had been tampered with, it reminded me of how MacWorld's news feed got hacked in January in an equally tasteless stunt, claiming that Steve Jobs had died.


About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.