Britney Spears isn’t dead – but her TwitPic *is* hacked

She may very well be the name associated with more spam, virus and hack attacks than anyone else in history. Yes, step aside Paris, Angelina and Bill, my guess is that the name that hackers choose to exploit for their own ends more than any other is Britney Spears.

In a tasteless stunt that was seen by her two million followers, a hacker managed to post the following message to Britney Spears’s Twitter stream earlier today:

Britney has passed today. It is a sad day for everyone. More news to come.

Britney's Twitter page announces that she has died


Interestingly, the fake story of Britney’s death was posted to her Twitter followers via the TwitPic service, which automatically forwards messages to the associated Twitter account. There are a number of ways in which you can post a message on TwitPic – which is then echoed on Twitter – including logging on to the service or sending a picture to a unique email address.

It’s possible that that last method of updating TwitPic may be the prime suspect in this case, as the service just tweeted that they have fixed a vulnerability with their email posting functionality. There certainly has been a concern in the past that TwitPic relies upon a four-digit PIN that could be cracked through brute force.

That would mean that I could post a message (and TwitPic link) on Britney’s Twitter page if I could crack her four digit PIN and use it to email [email protected] (where XXXX are the four digits). That certainly doesn’t seem like very good security.
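To show what a sturdier design could look like, here is an added example (not TwitPic's code and not part of the original post) of a mail-ingest check that swaps the four-digit PIN for a 128-bit random token and throttles wrong guesses per account. The class name, the `<user>.<secret>` local-part layout and the policy constants are assumptions made for illustration.

```python
import hmac
import secrets
import time
from collections import defaultdict

MAX_FAILURES = 5       # assumed policy: wrong secrets tolerated per window
WINDOW_SECONDS = 3600  # assumed policy: length of the counting window


class PostByEmailGate:
    """Hypothetical mail-ingest check for addresses shaped <user>.<secret>@host."""

    def __init__(self, clock=time.time):
        self._tokens = {}                    # user -> enrolled secret
        self._failures = defaultdict(list)   # user -> timestamps of bad guesses
        self._clock = clock

    def enroll(self, user):
        # 128 random bits (32 hex chars) instead of one of 10,000 PINs.
        token = secrets.token_hex(16)
        self._tokens[user] = token
        return token

    def check(self, local_part):
        # Split on the last dot so usernames may themselves contain dots.
        user, _, presented = local_part.rpartition(".")
        now = self._clock()
        recent = [t for t in self._failures[user] if now - t < WINDOW_SECONDS]
        self._failures[user] = recent
        if len(recent) >= MAX_FAILURES:
            # While locked, even the right secret is refused, so guessing
            # cannot continue in the background.
            return "locked"
        expected = self._tokens.get(user)
        if expected is not None and hmac.compare_digest(
            expected.encode(), presented.encode()
        ):
            return "accepted"
        recent.append(now)
        return "rejected"


if __name__ == "__main__":
    gate = PostByEmailGate()
    token = gate.enroll("alice")  # constructed sample account
    print([gate.check("alice.%04d" % pin) for pin in range(6)])
    print(gate.check("alice." + token))
```

The lockout trades availability for safety: a burst of bad guesses temporarily blocks the real owner from posting by email too, which is why the long random token, not the throttle, carries most of the protection.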

The picture on Britney Spears’s TwitPic account and the fake post to Twitter have since been deleted, but followers of the popstar have been reassured that she has not died by the following update on the micro-blogging service:

Post on Britney Spears Twitter account about being hacked

The Twitter accounts of fellow celebrities Ellen DeGeneres and Diddy (also known as P Diddy or Puff Daddy or even Sean Combs – can’t he make his mind up? Does he keep changing his name in an attempt to avoid income tax?) are also said to have published similar messages about their owners’ demise.

I guess that the millions of people who follow these celebrities on Twitter have to be grateful that all they saw was a sick prank by hackers, rather than being put in danger by exposure to a malicious link to a website containing malware or a phishing page.

Curiously, Lindsay Lohan claimed last week to have also been on the receiving end of a hacker after someone posted a controversial picture on her TwitPic account (which was retweeted widely on Twitter).

However Britney’s latest hack occurred, one thing is pretty clear: it’s a pretty sick and tasteless joke. When I saw her Twitter feed had been tampered with, it reminded me of how MacWorld’s news feed got hacked in January in an equally tasteless stunt, claiming that Steve Jobs had died.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
