On Tuesday, 27 January 2015, hackers briefly got control of the Twitter and Instagram accounts of Taylor Swift, the Grammy-winning American pop-star, creating a stir on social media.
The infiltrators who took control of Swift’s Twitter account sent a pair of tweets, which have since been deleted, to the star’s 51 million followers.
The two accounts that received unauthorized shoutouts from Swift’s account – @lizzard and @veriuser – have been suspended.
We can only guess whether the @lizzard hacker was associated with the notorious Lizard Squad hackers that have of late plagued Sony and Microsoft with denial-of-service attacks, and were reported (inaccurately, as it turned out) as having knocked Facebook offline on the same day that Swift was hacked.
Lizard Squad also claimed credit for hacking the website of Malaysia Airlines.
Swift reported the hack on her blog on Tumblr, saying Twitter had deleted the hacker’s tweets and locked her account while it investigated what happened.
Despite the anxiety such a hack would cause anyone, Swift showed her cool, hashtagging her Tubmlr post “#HACKERS GONNA HACK HACK HACK HACK HACK” – a reference to the lyrics of her top-selling single “Shake It Off.”
She later regained control of her account and sent a few tweets denouncing the hackers, who had apparently made threats to release nude photos of her.
@taylorswift13: PS any hackers saying they have 'nudes'? Psssh you'd love that wouldn't you! Have fun photoshopping cause you got NOTHING.
Swift’s Instagram account, meanwhile, was taken over around the same time, with the infiltrator posting several images including one NSFW post that instantly tipped off her followers that she had been compromised.
It’s not clear how the hackers got control of Swift’s accounts, but as she’s such a high-profile user, it’s clear that Twitter and Instagram were bound to act, well, swiftly.
Users like you and me, however, we need to look out for our own privacy and security.
The best available defense against hackers taking over your accounts is called two-factor authentication (or two-step verification).
While it’s not perfect, it’s available from most of the major social media networks and webmail providers, and it means that signing into your account requires a password plus an additional piece of information – for example, a one-time code that is generated by a special app on your phone, or sent to you as an SMS (text message).
That means that if someone is able to steal your password they would also need access to your phone every time they tried to login in order to get the necessary one-time code.
And, of course, strong, unique passwords for all your accounts are an absolute must – watch the video below, which explains how you can create strong yet easy-to-remember passwords.
→ Can’t view the video on this page? Watch directly from YouTube. Can’t hear the audio? Click on the Captions icon for closed captions.
Here are a few more tips to keep your Twitter, Facebook and other social media accounts secure from prying hackers and snoops.
- 5 tips to make your Facebook account safer
- How to improve your Twitter security and privacy
- 3 ways to make your Gmail account safer
- 3 tips for keeping your photos and other data safe when using iCloud
You can also follow all the latest privacy and security news on the Naked Security Facebook page.
Image of Taylor Swift courtesy of Featureflash / Shutterstock.com.
9 comments on “Taylor Swift’s Twitter and Instagram accounts hacked”
Though I am not a fan of pop music, kudos to Miss Swift for not taking revealing photos of herself and storing and/or posting them in the cloud. Finally a celeb with some common sense who may actually understand how the Internet works. Whether she used a good password(s) for her accounts is another matter. As I tell my Internet security classes, based on the famous Correct Horse Battery Staple, use a meaningless phrase that you can remember like “2BIGdogsliveonMainSt.” But most people don’t want to enter more than 8 characters, nor do they use password managers, where you get 25 random characters.
Pass phrases are quite good, because they are dead easy to remember, but long. Favourite song lyrics are are a good example. I mean, which dictionary based attack is ever gonna guess: “Psychic spies from China try to steal your mind’s elation”, as an example? Type that a few dozen times and your finger memory starts doing the work for you.
Dictionary Attacks are for simple passwords but it can be integrated with other algorithms for guessing a password .. brute force attacks that can guess such a long password and even more complex ones in a very short time if the hacker is well budgeted .. but I would imagine all such hackers are individuals using basic processing power so a complex (not only long) password can be good enough BUT 2 factor authentication can protect you much better ..
Dictionary attacks aren’t just for short passwords. People can and do retrieve much longer passwords with dictionary and combinator attacks then they do by brute force.
The last thing a password cracking program wants to do is a brute force attack because the results are more or less directly related to how hard you work and for how long. The longer you go on the less often you turn up passwords.
You can get more for less if you guess the patterns people use to create their passwords and you understand how and where people are likely to add in variations.
This leads to all manner of tricks built around dictionaries.
IIRC, users who are required to add capital letters are more likely to capitalise just one letter and that letter is more likely to be a letter at the beginning or the end.
We are so much worse at randomness than we think we are!
I thought I read someplace that hackers can use time on AWS computers to crack passwords. Is this true? If so it would greatly reduce the cost of cracking.
Taylor Swift just recently got a new iPhone 6. Is there a major security problem with them that could allow this to happen? She’s been online for years going back to when MySpace was the main site so I doubt she used weak passwords. I don’t think Instagram has the two factor authentication though. That’s what one site says at least. But Facebook does. How can Facebook have it but not add it to their Instagram service?
What these companies need to do is get serious about going after hackers. The @lizzard account was still active a couple hours after this story came out. Why wasn’t it killed right away? And why can’t I choose an option of hacker under the report link? You can report some issues to Twitter but not hackers. I saw other Lizard Squad Twitter accounts last night. They should be hunted down and banned immediately. They aren’t hard to find.
I don’t think there’s anything specific to the iPhone 6 (or iOS 8) to explain this. Can’t prove it, but it’s my gut feeling.
She deserves to be hacked. Her stance on streaming music with the riaa makes her a perfect target. I am not sure why she was hacked, but if I feel popular faces who make file sharing a big deal are puppets of the media mafia (MPAA & RIAA)
If I can make money posting my music on last.fm youtube and spotify with only 60k hits a month, then I can only imagine what some one of her popularity is missing out on. Shes been brainwashed by the producers who could care less about her. Little does she know she would probably make more off her adsense account,if she open up her narrow little mind.
What a dumb comment. So you think singers should just give their music away? She writes her own songs and would lose a lot of money if everyone could listen to her whole albums for free. It’s a bad idea to give your work away when people will buy it. After three months she still has the #1 or #2 album in the US. All Spotify has to do is only let paying customers listen to the albums. The songs released as singles to radio would be available for non-paying customers. I don’t like that people are so cheap when it comes to music now. I was around in the 70’s and 80’s and in the 80’s I was paying $20 for a new CD. People need to stop being crybabies.