Hack of Hyatt Twitter account by Acai Berry spammers is a warning for us all

Hyatt and acai berriesAs more and more businesses embrace social media to promote their brands and provide services to their customers, there’s obviously a need to keep those accounts secure.

After all, if – for instance – a branded Facebook page is hacked you might find that thousands of your online “fans” are suddenly on the receiving end of scams, spams, or posts simply designed to damage your company’s reputation.

The point was brought home rather well this weekend, when a Twitter account associated with the Hyatt hotel chain was briefly compromised by spammers:

Hyatt Twitter account hacked

Sign up to our free newsletter.
Security news, advice, and tips.

The message sent out from the Hyatt Concierge account, claimed to offer a miraculous way to lose weight with Acai berries.

An amazing new weight loss product! It worked for me and I didnt even change my diet! [LINK]

If you were tempted by the apparent recommendation by Hyatt for a diet and visited the link, this is what you would see:

Acai Berry diet website

Regular readers of Naked Security will be all too familiar with the design of the Acai Berry website, as similar sites have been linked to by spammers and scammers many times in the past, hoping to earn affiliate cash by driving traffic. Sites like this pretend to be news websites, but in fact are nothing of the sort.

Fortunately, a quick perusal of the @HyattConcierge Twitter account shows them to be doing a great job generally in terms of customer service, helping customers with their questions.

Sure enough, they seem to have also been quick in warning their followers to not click on the link – posting a message within an hour of the account being compromised. (Although personally, I think it’s preferable to both issue a warning and remove the offending tweet).

So, always be careful about the links that you click on – even if they appear on the Facebook pages or Twitter accounts of companies who you trust. It’s always possible that someone else has posted in their name.

And if you work for a business which is promoting its brand online, or providing assistance to customers, make sure that you take security seriously – use unique hard-to-crack passwords, be careful what applications you grant access to your social media accounts, control how many staff have access to the account and keep your computers up-to-date with the latest security software and patches.

Social networking sites like Twitter and Facebook could do their part to help protect businesses’ online presence too.

For instance, isn’t it time that there was better security available to accounts which have a large number of followers, or well-known companies?

Twitter login username and password

Just a username/password combination isn’t enough when a social media account is an important part of your business or public image.

I, for one, would like to see Twitter and other social media sites offer an additional level of authentication for those who want to better defend their accounts. I fear that, unless that happens, we will continue to see high profile accounts hacked and brands damaged as hackers run rings around them.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky, Mastodon, and Threads, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.