Acai Berry spam attack connected with Gawker password hack, says Twitter

Graham Cluley

Hundreds of thousands of Twitter accounts appear to have been compromised by hackers, who have spread spam promoting an Acai Berry diet.

Acai berry news spam

Typical spam messages included:

I lost 9lbs using acai! RT This! [link]

and

Lost 10lbs using acai berry! RT This! [link]

The messages appeared so quickly that initial reports suggested that simply visiting the webpage linked to in the messages might automatically post the message from your own Twitter account. However, the truth may instead be connected to a high-profile password hack that came to light on a different website over the weekend.

According to Del Harvey, Twitter’s director of trust and safety, the messages appear to have been posted from accounts whose owners used the same password on Twitter as on the recently hacked Gawker website. (Note that there are many websites in the Gawker network, including Lifehacker, Gizmodo, etc.)

Clicking on the links being spread via Twitter (which appear to use domain names called “acainews”, but could easily use other names too) takes you to an advertorial page promoting the so-called miracle diet.

Acai berry spam diet page

Which, in turn, directs users to a page selling a diet solution which claims to use acai berries as an ingredient:

Acai berry spam diet page

The key issue here is that too many users (perhaps as many as a third) are still using the same password for every website they access.

Password chart

Not enough computer users have woken up to the danger of using the same password on different websites. Doing that means that if one site gets hacked (as in the Gawker case) then you might also be handing over the keys to other websites.

Once one password has been compromised, it’s only a matter of time before the fraudsters will be able to gain access to your other accounts and steal information for financial gain.


Furthermore, it’s important that users don’t use a word from the dictionary as their password. It’s easy to understand why computer users pick dictionary words, as they’re much easier to remember, but as I explain in this video, a good trick is to pick a sentence and just use the first letter of every word to make up your password.

https://youtube.com/watch?v=VYzguTdOmmU

Password security is becoming more important than ever. Make sure that you’re taking the issue seriously, or suffer the consequences.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky and Mastodon, or drop him an email.
