Kevin Bacon has his Twitter hacked – six degrees leads to something phishy

Online criminals hijacked the Twitter account of Hollywood actor Kevin Bacon earlier this week, in an attempt to steal the passwords of the star’s hundreds of thousands of followers.

Bacon, who is probably almost as well known for the “Six degrees of Kevin Bacon” trivia game as he is for his prolific movie career, had his Twitter account hacked on Sunday, when it began to post messages designed to entice readers into clicking on a dangerous link to discover more.

Did anyone see this? She is way too young for that [LINK]

Sign up to our newsletter
Security news, advice, and tips.

If you did find yourself clicking on the link, whose true destination had been hidden by use of the bit.do (not to be confused with bit.ly) URL shortener, you would find your browser had taken you to what appeared to be a Twitter login page.

Of course, careful examination of the URL in the browser’s address bar reveals that it’s not a page hosted on Twitter’s own servers.

If you did make the mistake of entering your username and password at this point, you would have handed over your login credentials to online criminals – who could later exploit them to compromise your own account, and perhaps send spam messages or malicious links to your friends and followers.

The good news is that Kevin Bacon appears to have realised that the unauthorised tweets had been sent from his account pretty quickly, and posted a message apologising to fans and saying that he had changed his password.

Kevin Bacon says his new password is EggsN'. Geddit?

An obvious question is how was Kevin Bacon’s Twitter account hacked. Was he using the same password in multiple places (and perhaps hacked elsewhere)? Or did he himself fall for a phishing attack?

I was interested to see Eduard Kovacs of Softpedia note that despite apologising to his followers for the phishing messages, Kevin Bacon still hasn’t actually removed them from his Twitter page.

Maybe he would be sensible to take a little less time making bad puns, and put a little more effort into cleaning up the dangerous links that the phishers have left lying around. After all, a Twitter hacking is no yolk. [Sorry, I’m so sorry]

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.

Graham Cluley •   @gcluley

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, on Mastodon at @[email protected], or drop him an email.