Did the Huffington Post have its Twitter account hacked?

by Graham Cluley on January 3, 2010 | Comments Off

Filed Under: Social networks, Twitter, Video

Warnings spread like wildfire across Twitter today, suggesting that the popular Huffington Post blog had fallen victim to hackers, who had managed to break into its Twitter account and post offensive messages.

Sure enough, if you visited the @HuffPostNews Twitter account there were plenty of unsavoury messages, many seemingly posted by someone sympathetic to right wing politics.

Here's a video I made about the incident:

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)

However, you shouldn't always be quick to jump to conclusions.

I noticed that the @HuffPostNews account only had about 1900 Twitter followers - a surprisingly low number for a blog so popular. What was more, the Huffington Post's own website points to a Twitter account called (imaginatively) @huffingtonpost, which has a somewhat more impressive half a million-or-so devoted fans.

Yes, it does look like a Twitter account was hacked - but it wasn't necessarily one belonging to the Huffington Post. Anybody can create an account on Twitter and call it pretty much whatever they like. My guess is that someone created an account on Twitter called @HuffPostNews and used the rather natty Twitterfeed service to automatically tweet the latest headlines from the real Huffington Post's RSS feed.

Some 1900 or so other Twitter users innocently followed the @HuffPostNews account, believing it to be the real Huffington Post - and it didn't matter that it wasn't until the account was hacked and offensive messages began to be posted.

The good news is that the hacked account was used for posting juvenile messages rather than for spreading spam or malicious links, and Twitter now appears to have suspended the account.

But there's a couple of lessons for all of us here:

1. Don't believe that just because a Twitter account claims to be a person or a particular organisation that it definitely is.

2. Ensure that you are properly defending your Twitter account by choosing strong passwords, not sharing them with third party websites, and running up-to-date security software on your computers.

Tags: , , , , , ,

About the author

Graham Cluley has worked in the computer security industry for more than 20 years, developing anti-virus software and doing quite a lot of talking about internet threats. He's won awards for his blogging, but is proudest of the text adventure games he wrote when he was still wearing short trousers. You can learn more about those (the games, not the trousers) at grahamcluley.com. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.