Warnings spread like wildfire across Twitter today, suggesting that the popular Huffington Post blog had fallen victim to hackers, who had managed to break into its Twitter account and post offensive messages.
Sure enough, if you visited the @HuffPostNews Twitter account there were plenty of unsavoury messages, many seemingly posted by someone sympathetic to right-wing politics.
However, you shouldn’t always be quick to jump to conclusions.
I noticed that the @HuffPostNews account only had about 1900 Twitter followers – a surprisingly low number for a blog so popular. What was more, the Huffington Post’s own website points to a Twitter account called (imaginatively) @huffingtonpost, which has a somewhat more impressive half a million-or-so devoted fans.
Yes, it does look like a Twitter account was hacked – but it wasn’t necessarily one belonging to the Huffington Post. Anybody can create an account on Twitter and call it pretty much whatever they like. My guess is that someone created an account on Twitter called @HuffPostNews and used the rather natty Twitterfeed service to automatically tweet the latest headlines from the real Huffington Post’s RSS feed.
Some 1900 or so other Twitter users innocently followed the @HuffPostNews account, believing it to be the real Huffington Post – and it didn’t matter that it wasn’t, until the account was hacked and offensive messages began to be posted.
The good news is that the hacked account was used for posting juvenile messages rather than for spreading spam or malicious links, and Twitter now appears to have suspended the account.
But there are a couple of lessons for all of us here:
1. Don’t assume that a Twitter account definitely belongs to a person or a particular organisation just because it claims to.
2. Ensure that you are properly defending your Twitter account by choosing strong passwords, not sharing them with third-party websites, and running up-to-date security software on your computers.