Hack of Hyatt Twitter account by Acai Berry spammers is a warning for us all


As more and more businesses embrace social media to promote their brands and provide services to their customers, there's obviously a need to keep those accounts secure.

After all, if - for instance - a branded Facebook page is hacked, you might find that thousands of your online "fans" are suddenly on the receiving end of scams, spam, or posts simply designed to damage your company's reputation.

The point was brought home rather well this weekend, when a Twitter account associated with the Hyatt hotel chain was briefly compromised by spammers:

[Image: Hyatt Twitter account hacked]

The message sent out from the Hyatt Concierge account claimed to offer a miraculous way to lose weight with Acai berries.

An amazing new weight loss product! It worked for me and I didnt even change my diet! [LINK]

If you were tempted by the apparent recommendation by Hyatt for a diet and visited the link, this is what you would see:

[Image: Acai Berry diet website]

Regular readers of Naked Security will be all too familiar with the design of the Acai Berry website, as similar sites have been linked to by spammers and scammers many times in the past, hoping to earn affiliate cash by driving traffic. Sites like this pretend to be news websites, but in fact are nothing of the sort.

Fortunately, a quick perusal of the @HyattConcierge Twitter account shows them to be doing a great job generally in terms of customer service, helping customers with their questions.

Sure enough, they seem to have also been quick in warning their followers to not click on the link - posting a message within an hour of the account being compromised. (Although personally, I think it's preferable to both issue a warning and remove the offending tweet).

So, always be careful about the links that you click on - even if they appear on the Facebook pages or Twitter accounts of companies who you trust. It's always possible that someone else has posted in their name.

And if you work for a business which is promoting its brand online, or providing assistance to customers, make sure that you take security seriously - use unique hard-to-crack passwords, be careful what applications you grant access to your social media accounts, control how many staff have access to the account and keep your computers up-to-date with the latest security software and patches.

Social networking sites like Twitter and Facebook could do their part to help protect businesses' online presence too.

For instance, isn't it time that better security was available to accounts which have a large number of followers, or which belong to well-known companies?

[Image: Twitter login username and password]

Just a username/password combination isn't enough when a social media account is an important part of your business or public image.

I, for one, would like to see Twitter and other social media sites offer an additional level of authentication for those who want to better defend their accounts. I fear that, unless that happens, we will continue to see high profile accounts hacked and brands damaged as hackers run rings around them.


3 Responses to Hack of Hyatt Twitter account by Acai Berry spammers is a warning for us all

  1. Robert Gracie says:

    Not the Acai Berry scammers again they are so annoying!!

  2. Pig says:

    Some afternoon when you have nothing better to do, anger the acai berry mob.

    I prefer two-factor authentication. Something you know, plus something you have. I think Gmail's implementation, while a tad cumbersome, is pretty darned good.

  3. Sarah says:

    My Twitter account was compromised due to the "Acai Berry Spam" just today. The first thing I did was change my password, but that didn't help. As soon as I logged in with the new password another tweet about Acai Berry had been posted by the hackers. Thankfully I didn't use that password on any of my other accounts. Just to be safe, I changed all my passwords :) I believe my account may have been compromised before this though. These past few weeks I have received the same Direct Message from all of my followers telling me someone was spreading rumors about me. These messages included a link, but I did NOT click it knowing it wasn't a good idea. The way I see things, Twitter either needs to up their security or needs to be shut down for good.


About the author

Graham Cluley has worked in the computer security industry for more than 20 years, developing anti-virus software and doing quite a lot of talking about internet threats. He's won awards for his blogging, but is proudest of the text adventure games he wrote when he was still wearing short trousers. You can learn more about those (the games, not the trousers) at grahamcluley.com. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.