“Most Hated Man in America” Martin Shkreli’s Twitter feed hijacked

22 Dec 2015 | Celebrities, Data loss, Hacked, Privacy, Security threats, Social networks, Twitter

by Lisa Vaas

On Saturday, “Most Hated Man in America” Martin Shkreli – he who raised the price of a life-saving AIDS pill from $13.50 to $750 and who pleased much of the nation last week by getting busted over an alleged securities fraud Ponzi scheme – took to Twitter to shrug off the charges:

I am confident I will prevail. The allegations against me are baseless and without merit.

— Martin Shkreli (@MartinShkreli) December 19, 2015

On Sunday, internet poltergeists diverted that stream of confidence, hijacking Shkreli’s Twitter account, changing his name to “Martin the God”, and emitting seven taunting and sometimes profanity-laced tweets, including:

I am now a god

“Anyone want free money? Willing to donate hundreds of thousands to charities before I go to prison...”

A spokesman for Shkreli, who stepped down from his position as chief executive of Turing Pharmaceuticals last week, confirmed to Reuters that Shkreli’s account had been hacked and that they were working with Twitter to get it back.

By late Monday morning, Shkreli tweeted a message saying that he’d regained control of his account.

One of the responses that message got:

@MartinShkreli No 2-factor authentication?

— Holiday K™ (@IvanTheK) December 21, 2015

That’s a good question. Because Twitter does, in fact, have a two-factor authentication (2FA) tool, which it calls login verification.

Twitter introduced it in February 2015 as a way to fend off hijackings like the one that Shkreli had to deal with.

We don’t know how Shkreli’s account was compromised, but we do know that there are plenty of ways to do it: he might have clicked on a phishy link, reused his password, or perhaps he just used a feeble one – like his pet’s name – instead of using a unique, hefty brute of a password.

Of course, Twitter accounts of businesses or celebrities are particularly tempting targets, and with a week like Shkreli had, he might as well have had a glowing target painted on his back.

We don’t know if he had login verification turned on, but it would have made his account a lot more difficult to take over if he did, given that an attacker would have had to not only know his login credentials but have access to his phone to successfully hack a 2FA-protected account.

You can check out this video from Twitter that shows you how to set up login verification.

Regardless of what you think of Shkreli, his innocence or guilt, or his guitar playing, hijacking his account was still wrong.

We hope that he, you or anybody liable to account hijacking knows about, and implements, 2FA on Twitter or any online service where it’s available.

Image courtesy of Twitter.com / Martin Shkreli


One comment on ““Most Hated Man in America” Martin Shkreli’s Twitter feed hijacked”

  1. jkwilborn says:
    December 25, 2015 at 9:32 am

    I bet there are lots of AIDS sufferers that disagree with you. To raise the price like he did is not only unconscionable but is about as low as anything could get. Just for this maybe he will get a prison term… What goes down, comes around…

    Jack
