Saudi Aramco, Saudi Arabia’s national oil company, has had its Twitter hacked

The avatar used by the hackersSaudi Aramco, the national oil company of Saudi Arabia, has had its official Twitter account compromised by hackers.

Not only have the hackers replaced Saudi Aramco’s logo with a picture of the Heath Ledger’s portrayal of “The Joker” from the film “The Dark Knight” Batman movie, but they have also tweeted a series of messages to the oil firm’s 46,000 followers.

Here, via the wonder of an animated GIF, I can show you what the tweets are saying in English:

Animated GIF of hacked account

Sign up to our free newsletter.
Security news, advice, and tips.

Here’s a (Google-translated) example:

Account has been compromised by Mister Rero for through a loophole of Alheczr discovery Joseph hacker to connect with Joseph

Last August, Saudi Aramco revealed that it had been hit by a malware attack that affected more than 30,000 of its computers.

Opinions differed as to whether that attack, linked to the Shamoon malware, was likely to be the work of a lone hacker or was a sophisticated assault by a foreign power.

Saudi Aramco isn’t the first company to have had its Twitter account hacked, of course. For instance, recently the likes of Jeep and Burger King have found themselves at the mercy of hackers who took over their tweets and caused mischief.

And back in 2010 another oil company – BP America – found its Twitter account had been hijacked by pranksters making fun of the devastating oil leak in the Gulf of Mexico.

It seems likely that Saudi Aramco’s Twitter account has been compromised because of poor password security by whoever runs their social media operations.

Remember, you should always use hard-to-guess, hard-to-crack, unique passwords for your online accounts that you are not using anywhere else on the web.

Once again, a corporate brand is left wishing that Twitter offered some additional levels of protection – such as two factor authentication.

Hat-tip: @jeffreycarr via @mikko.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.