Earlier this week, Tone Deaf reported on the compromise of several celebrity musician Twitter accounts, including handles belonging to the likes of Australian rockers Tame Impala, folk troubadour Bon Iver, and comedy duo Tenacious D.
The three breaches were part of a wave of attacks aimed at famous musicians, which has so far included Katy Perry, one of the first to be targeted; Sonic Youth, whose breach included a hoax reunion announcement; Keith Richards; George Harrison; and more.
In most cases, the hacker would direct the musician’s followers to their personal social media channels, but some hackers would occasionally tweet out inflammatory messages, including bomb threats directed at a US airline in the case of Tame Impala.
Outside the music world, Facebook founder Mark Zuckerberg had his disused Twitter and Pinterest accounts hacked, with the hackers themselves claiming the intrusion was thanks to last month’s LinkedIn password dump.
Tone Deaf subsequently speculated whether the leak of millions of LinkedIn user account details may be behind the attacks, since passwords belonging to social media managers working for Tame Impala, Tenacious D, and other targeted musicians may have been leaked.
Since many, if not most, web users reuse the same emails and passwords for different accounts, gaining access to just one password could potentially unravel a person’s entire online identity, granting an intruder access to their Twitter, Facebook, Instagram, etc.
Images via Pitchfork
Indeed, it now seems as though the LinkedIn password dump is the leading culprit in the case. “To help keep people safe and accounts protected, we’ve been checking our data against what’s been shared from recent password leaks,” Twitter’s support account wrote.
Speaking to The Daily Beast, hacker J5Z, who was behind the attack on Tame Impala’s account, but who claims the bomb threats were made by “a ‘friend'”, said the attacks were the beginning of a more serious security compromise.
“It’s famous musicians and artists at risk. If you’re a celebrity, you should change your password immediately,” J5Z said. “Literally everyone should just create a new email, think of a new password, and do it for every account.”
According to J5Z, they just want to raise awareness of how easy it is to compromise someone’s Twitter account. “At first I did this for fun, but I never wanted to do this to ruin people’s careers,” they said.
“I’m just doing it to prevent that from ever happening in case someone who knows how to do it comes along and possibly does some damage. I don’t want to be seen as a bad person, even though I’m most likely being seen like that already.”
“Use multiple emails, passwords, etc. Don’t use the obvious stuff like your (date of birth) or name in your password or email,” they said. “Stop using information that anyone can guess.” J5Z insisted the hacks were being achieved very simply.
Though he declined to reveal just how the attacks were executed, J5Z said all of the hacks on musicians’ accounts have been executed using the same method and the only way to stop it is to change your password.
“The method is simple, yes. Anyone can do it,” they warned. “It’s just they don’t know how to.” Twitter is currently looking into the wave of breaches, but as they do, more Twitter accounts continue to be hacked.