ShitMyDadSays is hacked on Twitter

Spammers have managed to hack the account of Twitter phenomenon "ShitMyDadSays", posting a message to the popular page's 1.8 million followers.

The tweet, which has since been removed, said:

wow I just got a free dell laptop LOL <LINK>

Hmm.. It strikes me that there's only one word for such a security breach: Sh*t.

Clicking on the link, which at the time of writing is still active, currently redirects users via bit.ly to a "make-money-fast" website:

Website pointed to by ShitMyDadSays spam

We have informed bit.ly of the spammer's link - and hopefully it will be shut down shortly.

In the past, well-known figures such as Lindsay Lohan, Guns n' Roses' Axl Rose, John C Dvorak and Britney Spears have had their Twitter accounts compromised. In addition, organisations such as the New York Times and BP America have had their Twitter accounts broken into by hackers.

We've also seen other "working from home" scams distributed via Twitter in the past. It's unlikely that this will be the last.

You'll notice in the above screenshot it refers to the town of Witney in the headline. That's probably because the page is doing a GEO-IP lookup to try and tailor the content to be more of interest to me (I'm sitting not a million miles away from that British town).

Of course, it's quite serious when such a popular Twitter account has its security breached. In theory, malicious hackers could have posted a link to malware or a phishing site - rather than just what appears to be a more traditional spam page.

Justin Halpern, the owner of the ShitMyDadSays Twitter account, has now deleted the offending tweet, and posted an apology to his followers.

It's unclear whether his Twitter password was phished, whether it was cracked through a dictionary attack or spyware, or whether he made the mistake of using the same password on multiple websites.

Don't forget, you should always choose a hard-to-guess non-dictionary word as your Twitter password, and never use the same password on multiple websites.

Watch this video if you don't yet know how to choose a strong unique password for your different logins.


5 Responses to ShitMyDadSays is hacked on Twitter

  1. Nick · 1349 days ago

    Or, for those of us who get confused with all that calculating of passwords, you could buy a roboform2go usb or an Ironkey. Simple to use but has complex passwords against those nasty keyloggers.

  2. Rototechno · 1349 days ago

    Doesn't it make more sense that someone sidejacked his Twitter session with Firesheep?

  3. Alan · 1349 days ago

    @Rototechno. No. Why would you think that? Firesheep is only effective against insecure wireless connections. We have no evidence that the victim was using wireless, and even less evidence he was running unencrypted. Don't overestimate the Firesheep threat (which is really the insecure network, HTTP-cookie-sniffing threat).

  4. Chris · 1348 days ago

    Graham,

    Please create a follow-up password video - I want to see the sequel!

    -Mr. Brady

  5. PhilCat · 1243 days ago

    Darnit, 'ShitMy Dad Says' was one of the best hits I found there a couple years ago. He appeared on Leno as well.


About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.