Saudi Aramco, Saudi Arabia's national oil company, has had its Twitter hacked

Saudi Aramco, the national oil company of Saudi Arabia, has had its official Twitter account compromised by hackers.

Not only have the hackers replaced Saudi Aramco's logo with a picture of Heath Ledger's portrayal of "The Joker" from the Batman movie "The Dark Knight", but they have also tweeted a series of messages to the oil firm's 46,000 followers.

Here, via the wonder of an animated GIF, I can show you what the tweets are saying in English:

Animated GIF of hacked account

Here's a (Google-translated) example:

Account has been compromised by Mister Rero for through a loophole of Alheczr discovery Joseph hacker to connect with Joseph

Last August, Saudi Aramco revealed that it had been hit by a malware attack that affected more than 30,000 of its computers.

Opinions differed as to whether that attack, linked to the Shamoon malware, was likely to be the work of a lone hacker or was a sophisticated assault by a foreign power.

Saudi Aramco isn't the first company to have had its Twitter account hacked, of course. For instance, recently the likes of Jeep and Burger King have found themselves at the mercy of hackers who took over their tweets and caused mischief.

And back in 2010 another oil company - BP America - found its Twitter account had been hijacked by pranksters making fun of the devastating oil leak in the Gulf of Mexico.

It seems likely that Saudi Aramco's Twitter account has been compromised because of poor password security by whoever runs their social media operations.

Remember, you should always use hard-to-guess, hard-to-crack, unique passwords for your online accounts that you are not using anywhere else on the web.

Once again, a corporate brand is left wishing that Twitter offered some additional levels of protection - such as two-factor authentication.

Hat-tip: @jeffreycarr via @mikko.


About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley