Unauthorized tweets removed, hacker accounts suspended

Jan 28, 2015 08:13 GMT

The social accounts of Taylor Swift on Twitter and Instagram have been hijacked by an individual claiming to possess images of the singer in the nude and threatening to leak them online.

On Monday, the Twitter feed of the star published messages telling fans to follow two accounts belonging to the perpetrators; these have since been suspended by the microblogging platform.

Hackers make false claims

The tweets were swiftly removed from the feed, but then the hackers pulled the same act on the star’s Instagram account.

The purpose of the hijack seems to be purely financial, since the hackers posted a message on Twitter with a bitcoin address, saying that nude images of Taylor Swift would be published the moment the wallet was filled with at least three bitcoins ($770 / €677).

Those seeking to peek at the personal pics of the singer were in for a disappointment though, as Taylor Swift was quick to reply that the hackers do not have such content in their hands.

“PS any hackers saying they have ‘nudes’? Psssh you'd love that wouldn't you! Have fun photoshopping cause you got NOTHING,” she tweeted.

However, it appears that the perps managed to extract some personal message exchanges with various other celebrities. Nothing harmful got out, though.

At the moment, Swift’s Twitter account is under the control of the rightful owner and all unauthorized messages have been removed.

Two-factor authentication for the win

Details on how the incident occurred have not been made available, but one possibility is that two-factor authentication (2FA) was not enabled and that a phishing email was sent to the person in charge of handling social media for the star, tricking them into entering the credentials on a bogus log-in page.

“My Twitter got hacked but don’t worry, Twitter is deleting the hacker tweets and locking my account until they can figure out how this happened and get me new passwords. Never a dull moment,” Swift said on her Tumblr.

Phishing is not a new method, but it seems to be very effective, even in the case of high-profile users. 2FA requires a second authentication code, in addition to the password, which is sent to a device owned by the user. This denies access to the account to unauthorized individuals, even if they have the username and password.

Celebrities are not the only targets of hackers. Media organizations such as Le Monde, New York Post and UPI (United Press International) have also been hijacked because they failed to enforce the 2FA account security standard.

Earlier this month, the Twitter account of CENTCOM (US Central Command) also fell into the hands of hackers, who used it to spread pro-ISIS propaganda.