ShitMyDadSays is hacked on Twitter

Shit My Dad Says
Spammers have managed to hack the account of Twitter phenomenon “ShitMyDadSays”, posting a message to the popular page’s 1.8 million followers.

The tweet, which has since been removed, said:

wow I just got a free dell laptop LOL <LINK>

Hmm.. It strikes me that there’s only word for such a security breach: Sh*t.

Clicking on the link, which at the time of writing is still active, currently redirects users via to a “make-money-fast” website:

Website pointed to by ShitMyDadSays spam

We have informed of the spammer’s link – and hopefully it will be shut down shortly.

In the past, well known figures such as Lindsay Lohan, Guns n’ Roses’ Axl Rose, John C Dvorak and Britney Spears have had their Twitter accounts compromised. In addition, organisations such as the New York Times and BP America, have had their Twitter accounts broken into by hackers.

We’ve also seen other “working from home” scams distributed via Twitter in the past. It’s unlikely that this will be the last.

You’ll notice in the above screenshot it refers to the town of Witney in the headline. That’s probably because the page is doing a GEO-IP lookup to try and tailor the content to be more of interest to me (I’m sitting not a million miles away from that British town).

Of course, it’s quite serious when such a popular Twitter account has its security breached. In theory, malicious hackers could have posted a link to malware or a phishing site – rather than just what appears to be a more traditional spam page.

Justin Halpern, the owner of the ShitMyDadSays Twitter account, has now deleted the offending tweet, and posted an apology to his followers.!/shitmydadsays/status/2204872732577792

It’s unclear whether his Twitter password was phished, whether it was cracked through a dictionary attack or spyware, or whether he made the mistake of using the same password on multiple websites.

Don’t forget, you should always choose a hard-to-guess non-dictionary word as your Twitter password, and never use the same password on multiple websites.

Watch this video if you don’t yet know how to choose a strong unique password for your different logins.

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)