The Onion is Twitter hacked by Syrian Electronic Army. Hardly anyone notices

Spoof news website The Onion had its Twitter account hijacked by members of the Syrian Electronic Army earlier today.

The hackers, who have recently attacked numerous media accounts, posted jokey messages – which left some in a state of confusion as to whether the account was really compromised, or was simply pretending to be hacked as a publicity stunt.

The #Onion CEO: “We regret taking zionist money to defame Syria, now the hackers are up our ass”

UN retracts report of Syrian chemical weapon use: “Lab tests confirm it is Jihadi body door”

BREAKING: #TheOnion readership mass confusion as Syrian Electronic Army takes over. All demand a permanent column

Of course, The Onion is in the habit of posting silly untruthful news stories – so it’s doubtful that anyone really noticed much difference.

To their credit, The Onion took the hack in good spirits and posted a joke news story claiming that they had changed their Twitter password to OnionMan77 to deflect future attacks:

“We have taken the necessary measures to ensure this kind of thing never happens again,” said Onion IT specialist Nick Abersold, who noted that the new password’s length and use of numbers makes it “virtually impenetrable.” “There are no spaces, and the O and M are both capitalized—both tactics that I think will keep us safe for the foreseeable future. Also, there’s not one, but two 7s. So, once again, The Onion’s Twitter password is OnionMan77.”

Ho ho. Very droll.

Joking aside, media organisations should follow the advice sent out by Twitter last week, offering sensible tips on how companies could avoid becoming the next victim of the Syrian Electronic Army and other hackers.

Imagine how much worse things could have been if the hackers had chosen to post malicious links to the millions of people who follow The Onion‘s Twitter account?

Update: At the time of writing, The Onion appears to have wrestled control back of its Twitter account. However, the Syrian Electronic Army has been posting pictures to Twitter as evidence that it also compromised the website’s email accounts.

Found this article interesting? Follow Graham Cluley on Twitter, Mastodon, or Threads to read more of the exclusive content we post.

Graham Cluley •   @gcluley

Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.