Kevin Bacon has his Twitter hacked – six degrees leads to something phishy

Graham Cluley

Online criminals hijacked the Twitter account of Hollywood actor Kevin Bacon earlier this week, in an attempt to steal the passwords of the star’s hundreds of thousands of followers.

Bacon, who is probably almost as well known for the “Six degrees of Kevin Bacon” trivia game as he is for his prolific movie career, had his Twitter account hacked on Sunday, when it began to post messages designed to entice readers into clicking on a dangerous link to discover more.

Did anyone see this? She is way too young for that [LINK]

Phishing tweets on Kevin Bacon's account


If you did find yourself clicking on the link, whose true destination had been hidden by use of the bit.do (not to be confused with bit.ly) URL shortener, you would find your browser had taken you to what appeared to be a Twitter login page.

Kevin Bacon phishing page

Of course, careful examination of the URL in the browser’s address bar reveals that it’s not a page hosted on Twitter’s own servers.
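As an added example (not code from the original post), the following Python script performs the two checks described above before anyone clicks: it expands the shortened link by following HTTP redirects with HEAD requests, so the final destination is revealed without loading the page in a browser, and it then confirms whether that destination is genuinely hosted on a Twitter domain rather than on a lookalike. The bit.do path, the phishing hostname and the redirect map are constructed for the demo, and the TRUSTED_DOMAINS set is an assumption about where a real Twitter login page may live.

```python
"""Expand a shortened URL and check whether the landing page is really Twitter.

Added example, not part of the original post. The short link, the phishing
host and the FAKE_REDIRECTS map below are constructed for the demo.
"""
import http.client
from urllib.parse import urljoin, urlsplit

# Assumption: domains on which a genuine Twitter login page may be served.
TRUSTED_DOMAINS = {"twitter.com", "t.co"}


def hostname_of(url: str) -> str:
    """Return the lowercase hostname of a URL.

    urlsplit() ignores userinfo, so 'https://twitter.com@evil.example/' yields
    'evil.example', the trick of putting a trusted name before '@' does not work.
    """
    host = urlsplit(url).hostname or ""
    return host.lower().rstrip(".")


def is_trusted_login_host(url: str) -> bool:
    """True only for https pages whose host is a trusted domain or a subdomain of one.

    'twitter.com.login-verify.example' and 'login-twitter.com' are rejected
    because neither equals nor ends with '.twitter.com'.
    """
    if urlsplit(url).scheme != "https":
        return False
    host = hostname_of(url)
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def http_location(url: str, timeout: float = 5.0):
    """Live fetcher: send a HEAD request and return the Location header of a 3xx
    response, or None when the response is not a redirect. The body is never
    fetched, so no phishing page is rendered or scripted."""
    parts = urlsplit(url)
    conn_cls = (http.client.HTTPSConnection if parts.scheme == "https"
                else http.client.HTTPConnection)
    conn = conn_cls(parts.hostname, parts.port, timeout=timeout)
    try:
        path = parts.path or "/"
        if parts.query:
            path += "?" + parts.query
        conn.request("HEAD", path)
        resp = conn.getresponse()
        return resp.getheader("Location") if 300 <= resp.status < 400 else None
    finally:
        conn.close()


def expand_short_link(url: str, fetch_location=http_location, max_hops: int = 10):
    """Follow redirects hop by hop and return the full chain, first to last.

    fetch_location(url) must return the next URL or None. Loops and overly long
    chains raise ValueError instead of spinning forever.
    """
    chain = [url]
    seen = {url}
    for _ in range(max_hops):
        location = fetch_location(chain[-1])
        if location is None:
            return chain
        nxt = urljoin(chain[-1], location)  # Location may be relative
        if nxt in seen:
            raise ValueError("redirect loop at %s" % nxt)
        seen.add(nxt)
        chain.append(nxt)
    raise ValueError("more than %d redirects" % max_hops)


# Constructed redirect map standing in for the shortener and the phishing host.
FAKE_REDIRECTS = {
    "http://bit.do/example-short": "https://twitter.com.login-verify.example/",
}


def check_demo_link(url: str = "http://bit.do/example-short"):
    """Expand the constructed short link and report whether the end is Twitter."""
    chain = expand_short_link(url, fetch_location=FAKE_REDIRECTS.get)
    return chain, is_trusted_login_host(chain[-1])


if __name__ == "__main__":
    chain, trusted = check_demo_link()
    print(" -> ".join(chain))
    print("trusted Twitter host:", trusted)
```

For a real short link, call `expand_short_link(url)` with the default `http_location` fetcher; the last element of the returned chain is what the address bar would show, and `is_trusted_login_host` applies the same host test the article recommends doing by eye.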

If you did make the mistake of entering your username and password at this point, you would have handed over your login credentials to online criminals – who could later exploit them to compromise your own account, and perhaps send spam messages or malicious links to your friends and followers.

The good news is that Kevin Bacon appears to have realised that the unauthorised tweets had been sent from his account pretty quickly, and posted a message apologising to fans and saying that he had changed his password.

Kevin Bacon apologises

Kevin Bacon says his new password is EggsN'. Geddit?

An obvious question is how Kevin Bacon’s Twitter account was hacked in the first place. Was he reusing the same password in multiple places (and perhaps compromised elsewhere)? Or did he himself fall for a phishing attack?

I was interested to see Eduard Kovacs of Softpedia note that despite apologising to his followers for the phishing messages, Kevin Bacon still hasn’t actually removed them from his Twitter page.

Maybe he would be sensible to take a little less time making bad puns, and put a little more effort into cleaning up the dangerous links that the phishers have left lying around. After all, a Twitter hacking is no yolk. [Sorry, I’m so sorry]



Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Bluesky, or drop him an email.
