When good Twitter accounts go bad. Whether it’s malicious intent or simple human error, Twitter users are increasingly at risk when it comes to protecting their privacy and reputation online. This infographic details several of the most recent and now infamous Twitter hacks, and examines common entry points for hackers, including weak passwords and malicious email attachments.



In January 2010, Twitter banned 370 passwords for being too obvious.

Among the banned passwords:

000000, 123456, aaaaaa, baseball, cookie, diamond, eagles, freedom, guitar, helpme, jackson, killer, letmein, monkey, naked, orange, password, qwerty, richard, stupid, twitter, united, voodoo, whatever, xxxxxx, yamaha, zzzzzz

  • As of July 2011, Twitter has a list of 401 passwords that it does not allow members to use.
  • Prior to being banned, “123456” was the most commonly used password on Twitter.


As of Sept 26, 2011, these are the Twitter accounts with the most followers:

| Celebrity | Number of Followers | Last Hacked |
|---|---|---|
| Lady Gaga - @Ladygaga | 13,873,401 | Apr 27, 2011 |
| Justin Bieber - @justinbieber | 12,874,993 | Jul 27, 2010 |
| Barack Obama - @barackobama | 10,241,354 | Jan 05, 2009 |
| Katy Perry - @katyperry | 10,152,091 | Jan 29, 2010 |
| Kim Kardashian - @kimkardashian | 9,998,690 | Apr 01, 2011 |
| Britney Spears - @britneyspears | 9,733,965 | Nov 12, 2009 |
| Shakira - @shakira | 8,700,652 | Never Hacked |
| Taylor Swift - @taylorswift13 | 8,144,853 | Never Hacked |
| Ashton Kutcher - @aplusk | 7,726,942 | May 02, 2011 |
| Ellen DeGeneres - @theellenshow | 7,658,301 | Jun 28, 2009 |

  • @justinbieber pwns “hacker” – after someone hacked into the Twitter account of one of Justin Bieber’s friends and got Bieber’s phone number, @justinbieber got the “hacker’s” phone number and tweeted it to his 4.5 million followers. As a result, the “hacker” received over 26,000 text messages.
  • Apr 17, 2009: @aplusk became the first Twitter user to reach 1 million followers.


Giving users the option to require SSL on Twitter was almost certainly accelerated by the release of Firesheep, a free Firefox web browser extension developed by Eric Butler, and the subsequent opportunistic Twitter account hacking that resulted.

“I promised myself I’d get this SSL feature out in my first year/ tomorrow is my 1 year anniversary” - @boblord #phew, #missionAccomplished, #security

Good Accounts Gone Bad

Sept 10, 2011 at 5:48 p.m. @NBCNews tweeted: Breaking News! Ground Zero has just been attacked. Flight 5736 has crashed into the site, suspected hijacking, more as the story develops.

  • Of course this was not true – minutes later the official NBCNews account posted a tweet attributing the message to “The Script Kiddies”
  • The NBCNews hack was attributed to the ‘Christmas Tree’ Trojan, which was delivered via a malicious e-mail attachment.

A group calling themselves “The Script Kiddie” took control of the account to send a series of tweets falsely reporting an attack on Ground Zero in New York, two days before the 10th anniversary of 9/11. The same group took credit for a July 03 post on the official @FoxNewsPolitics Twitter account claiming that President Obama had been assassinated.

Sept 25, 2011
Script_Kiddiez strike again – this time the group hacked @USAToday’s Twitter Account

  • They used the opportunity to conduct a Facebook survey to determine their next target…
  • “Script_kiddiez_ – Just hacked @usatoday”
  • “USAToday’s – Follow @Script_kiddiez_ for more hacks in the future, including your choice! vote now at on.fb.me/ouunmj”


When is a hack not a hack? When you do it to yourself!

Pro Tip: if you’re trying to message racy photos of yourself, or part of yourself, to one person, don’t post them to everyone who follows you on Twitter. #Weinergate – not hacked, just careless.

Twitter Gets Hacked, Badly (Jan 05, 2009)

  • 33 accounts were hacked after Twitter’s internal admin tools were compromised.
    • Fox News – Breaking: Bill O Riley is gay
    • Richsanchezcnn – I am high on crack right now might not be coming into work today
    • Britneyspears – HI Yall! Brit Brit here, just wanted to update you all on the size of my xxxxxxx. Its about 4 feet wide with razor sharp teeth.

Fergal Glynn joined Veracode in 2008. Fergal is currently responsible for lead generation activities including content marketing, blogging, search engine optimization, webinar marketing, social media, and optimizing the marketing and sales funnel. Fergal spent his first two years at Veracode as a Product Manager.
