More than 2,500 Twitter accounts have been compromised to tweet links to websites specializing in adult dating and sex personals, according to new Symantec research.
There were a number of high-profile accounts caught up in the scam, including ones belonging to the band Chromeo, an international journalist from The Telegraph, stand-up comedian Azeem Banatwala, Houston Texans wide receiver Cecil Shorts III, and the late New York Times reporter David Carr.
As in the Chromeo example, the attackers changed the profile photo, biography, and full name of the accounts to promote adult sites. Symantec believes the culprit responsible for these compromises earns $4.00 for each person who signs up for the adult dating site.
You can read the full blog online here to see more examples of compromised Twitter accounts, and let me know if you’d like to speak with a Norton security expert about this research. I’ve also included tips to secure your Twitter account and how to report compromised profiles below.
Secure your Twitter account using the following steps:
- Create a strong and unique password: It is likely that many of the compromised accounts used weak passwords or passwords that were also used on other services.
- Use a password manager: If you want to create and securely store your passwords, we suggest using a password manager. While there are plenty to choose from (LastPass, 1Password, Dashlane, KeePass, Password Safe, Norton Identity Safe), we suggest you use one that best meets your needs and your budget.
- Consider enabling Twitter’s Login Verification: Instead of relying on just a password, Login Verification requires you to enter a code that is sent to your mobile phone. This adds an extra layer of security and helps prevent unauthorized access to your account. Just be sure to securely store your backup code in case you lose your mobile phone.
- Report compromised accounts to Twitter: If you believe that someone you know or follow has been compromised, you can report their account to Twitter by selecting the gear icon on their profile and clicking on Report. From there, select the option “Their account may be hacked” to proceed.