Katy Perry Hacked for...Gibberish Lulz

Hackers took over the most-followed Twitter account in the world this week, hijacking pop star Katy Perry’s feed to post various havoc-wreaking missives to her 89 million followers.

At least, the perpetrator may have hoped they would be havoc-wreaking. The tweets emanating from @katyperry were fairly obviously not being written by her, featuring fist-bump emojis, pithy lines like “ha ha breh” and homophobic/racist slurs. Obviously, this person was simply in it for the lulz—and the immaturity.

The Romanian hacker who claimed responsibility, and who calls himself “Sway,” also tweeted a message at rival pop star Taylor Swift (“miss u baby”—hardly the stuff of starting a celebri-feud). Swift has roughly 78 million followers, so Sway’s reach of inanity was pretty wide.

But a potentially serious outcome was also part of this: He or she included a link to an apparently unreleased song called “Witness 1.3,” posted on SoundCloud by a user named, charmingly, “slut.”

Sway later posted a screenshot of an email from SoundCloud saying that it had removed the track under a copyright claim by Universal Music Group: “We’ve received a report directly from Universal Music Group that your track ‘Witness 1.3’ contains ‘Witness 1.3’ by Katy Perry. As a result, your track has been removed from your profile for the time being.” His or her comment? Predictably, “LOL.”

Mike Raggo, chief research scientist at ZeroFOX, pointed out to us via email that the incident is likely to have further-ranging consequences beyond some kid in Eastern Europe having fun for a day.

“As these accounts are compromised, users of these platforms can expect phishing campaigns to follow as a method of exploiting additional accounts or targeting other data on the computers and mobile devices used to access those accounts,” he said. “Users should not only reset their passwords using strong passwords as well as two-factor authentication when possible, but be particularly watchful of reviewing a social media link before you click on it to avoid being a victim of further attacks.”

And this might also be a good time for those in the Twitterverse (and elsewhere) to revisit their bios and reconsider how much personal information they share, such as birthdate, home address, phone number and more.
