Hack of Hyatt Twitter account by Acai Berry spammers is a warning for us all


As more and more businesses embrace social media to promote their brands and provide services to their customers, there's obviously a need to keep those accounts secure.

After all, if - for instance - a branded Facebook page is hacked, you might find that thousands of your online "fans" are suddenly on the receiving end of scams, spam, or posts simply designed to damage your company's reputation.

The point was brought home rather well this weekend, when a Twitter account associated with the Hyatt hotel chain was briefly compromised by spammers:

[Image: Hyatt Twitter account hacked]

The message sent out from the Hyatt Concierge account claimed to offer a miraculous way to lose weight with Acai berries.

An amazing new weight loss product! It worked for me and I didnt even change my diet! [LINK]

If you were tempted by the apparent recommendation by Hyatt for a diet and visited the link, this is what you would see:

[Image: Acai Berry diet website]

Regular readers of Naked Security will be all too familiar with the design of the Acai Berry website, as similar sites have been linked to by spammers and scammers many times in the past, hoping to earn affiliate cash by driving traffic. Sites like this pretend to be news websites, but in fact are nothing of the sort.

Fortunately, a quick perusal of the @HyattConcierge Twitter account shows them to be doing a great job generally in terms of customer service, helping customers with their questions.

Sure enough, they seem to have also been quick in warning their followers to not click on the link - posting a message within an hour of the account being compromised. (Although personally, I think it's preferable to both issue a warning and remove the offending tweet).

So, always be careful about the links that you click on - even if they appear on the Facebook pages or Twitter accounts of companies who you trust. It's always possible that someone else has posted in their name.

And if you work for a business which is promoting its brand online, or providing assistance to customers, make sure that you take security seriously - use unique hard-to-crack passwords, be careful what applications you grant access to your social media accounts, control how many staff have access to the account and keep your computers up-to-date with the latest security software and patches.

Social networking sites like Twitter and Facebook could do their part to help protect businesses' online presence too.

For instance, isn't it time that there was better security available to accounts which have a large number of followers, or well-known companies?


Just a username/password combination isn't enough when a social media account is an important part of your business or public image.

I, for one, would like to see Twitter and other social media sites offer an additional level of authentication for those who want to better defend their accounts. I fear that, unless that happens, we will continue to see high profile accounts hacked and brands damaged as hackers run rings around them.


3 Responses to Hack of Hyatt Twitter account by Acai Berry spammers is a warning for us all

  1. Robert Gracie · 922 days ago

    Not the Acai Berry scammers again they are so annoying!!

  2. Pig · 922 days ago

    Some afternoon when you have nothing better to do, anger the acai berry mob.

    I prefer two-factor authentication. Something you know, plus something you have. I think Gmail's implementation, while a tad cumbersome, is pretty darned good.

  3. Sarah · 904 days ago

    My Twitter account was compromised due to the "Acai Berry Spam" just today. The first thing I did was change my password, but that didn't help. As soon as I logged in with the new password another tweet about Acai Berry had been posted by the hackers. Thankfully I didn't use that password on any of my other accounts. Just to be safe, I changed all my passwords :) I believe my account may have been compromised before this though. These past few weeks I have received the same Direct Message from all of my followers telling me someone was spreading rumors about me. These messages included a link, but I did NOT click it knowing it wasn't a good idea. The way I see things, Twitter either needs to up their security or needs to be shut down for good.


About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.