Late Monday evening, the Twitter account for superstar singer Katy Perry was hijacked. At about the same time, the Twitter account for the Peel Police was also hijacked. The hacker posted vulgar, racist remarks on both accounts for about 30 minutes before Twitter shut them down. Although the hack was attributed to a well-known Internet video blogger named Keemstar, the real Keemstar posted a video statement saying that he was not responsible for hijacking either Katy Perry’s account or the account for the police.
This very public hack highlights a weak link in corporate IT security – your security is only as good as the protection of your passwords. The hacker apparently obtained the Peel Police’s login credentials and was able to take over the account. Although the incident is still being investigated, it may have been the result of a phishing attack – the hacker would have sent an email to Peel Police employees tricking them into providing the Twitter login credentials. A similar phishing incident resulted in a guilty plea in Pennsylvania last week.
If the hack was caused by phishing, an effective defense is education – teach your employees how to identify suspicious emails, and your Twitter account will not appear in the news.