Ashton Kutcher's Twitter hacked with pro-SSL graffiti

Filed Under: Social networks, Spam, Twitter

Movie star Ashton Kutcher, perhaps best known to many people as Mr Demi Moore, appears to have had his Twitter account compromised while he attended the brainbox TED Conference in Long Beach, California. And the suspicion has to be that a lack of SSL encryption was to blame.

Ashton Kutcher's Twitter account

Messages posted to Ashton Kutcher's 'aplusk' account, which were shared with his more than 6.4 million Twitter followers, said:

Ashton, you've been Punk'd. This account is not secure. Dude, where's my SSL?


P.S. This is for those young protesters around the world who deserve not to have their Facebook & Twitter accounts hacked like this. #SSL

Tools such as Firesheep make it child's play for anybody sitting close to you to jump onto your Facebook or Twitter session if you're using unencrypted WiFi without an SSL connection, for example at a free WiFi hotspot.

Wouldn't it be great if Twitter forced the use of HTTPS at all times? Clearly whoever hacked into Ashton Kutcher's Twitter account feels the same.

The insecure Twitter and Facebook accounts of some celebrities offer a very tempting target for cybercriminals who may wish to spread their dangerous or spammy links to millions of followers. We should just be grateful that on this occasion the hack appears to have taken place to promote better awareness of the need for better security, rather than with more malicious intent.

Other star speakers at the TED conference include Microsoft's Bill Gates, musician Bobby McFerrin, filmmaker Morgan Spurlock, musician Jason Mraz and bigwigs from the Ford Motor Company and Pepsi. Let's hope they're more careful if they decide to access their social media accounts from the conference.

, , , , , , ,

You might like

3 Responses to Ashton Kutcher's Twitter hacked with pro-SSL graffiti

  1. fed up · 1676 days ago

    No, social sites aren't doing enough to secure.
    Even on facebook, you need to go into the account, security settings and re-check the box for https every single time you go into a different app. Even then, some apps have a message saying you can not use the app with the secure setting

  2. Shane Fontenot · 1676 days ago

    That's just awesome! I love it when hackers hack just to make a point. I agree with the hacker, these sites need to move to ssl for better security.

  3. =JeffH · 1671 days ago

    "Wouldn't it be great if Twitter forced the use of HTTPS at all times? " -- Yes! And there's an emerging standard for how to do that: HTTP Strict Transport Security --

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley