Movie star Ashton Kutcher, perhaps best known to many people as Mr Demi Moore, appears to have had his Twitter account compromised while he attended the brainbox TED Conference in Long Beach, California. And the suspicion has to be that a lack of SSL encryption was to blame.
Messages posted to Ashton Kutcher’s ‘aplusk’ account, which were shared with his more than 6.4 million Twitter followers, said:
Ashton, you've been Punk'd. This account is not secure. Dude, where's my SSL?
P.S. This is for those young protesters around the world who deserve not to have their Facebook & Twitter accounts hacked like this. #SSL
Tools such as Firesheep make it child’s play for anybody sitting close to you to jump onto your Facebook or Twitter session if you’re using unencrypted WiFi without an SSL connection, for example at a free WiFi hotspot.
Wouldn’t it be great if Twitter forced the use of HTTPS at all times? Clearly whoever hacked into Ashton Kutcher’s Twitter account feels the same.
The insecure Twitter and Facebook accounts of some celebrities offer a very tempting target for cybercriminals who may wish to spread their dangerous or spammy links to millions of followers. We should just be grateful that on this occasion the hack appears to have taken place to promote better awareness of the need for better security, rather than with more malicious intent.
Other star speakers at the TED conference include Microsoft’s Bill Gates, musician Bobby McFerrin, filmmaker Morgan Spurlock, musician Jason Mraz and bigwigs from the Ford Motor Company and Pepsi. Let’s hope they’re more careful if they decide to access their social media accounts from the conference.