My Twitter was hacked, claims John McAfee

Hmm.

Graham Cluley
Graham Cluley
@

 @grahamcluley.com
 @[email protected]

My Twitter was hacked, claims John McAfee

I can’t begin for one minute to imagine what it must feel like to be John McAfee.

He founded one of the world’s most famous security companies, disguised himself as a Guatemalan trinket salesman while on the run from the Belize police who wanted to question him about a murder, claimed he ran a team of 23 women to seduce and spy on his enemies in Belize, put himself forward as a possible candidate for the US Presidency in 2016, and said he would use “social engineering” to determine the iPhone passcode of one of the (dead) San Bernadino killers.

I could probably fill umpteen more paragraphs detailing the publicity-shy John McAfee’s colourful tales and unorthodox life.

Sign up to our free newsletter.
Security news, advice, and tips.

So, what to make of his latest claim that his Twitter account was hacked?

John Mcafee tweet

McAfee’s “urgent” tweet came after a series of messages were posted to his account, encouraging his half a million followers to purchase lesser-known cryptocurrencies.

Coin of the day

The real John McAfee is no stranger to tweeting about which cryptocurrency his followers should invest in, so the “hacker” certainly wasn’t entirely clueless about how to blend in with the security veteran’s regular postings.

McAfee subsequently deleted the offending tweets, and claimed that “most likely” his mobile phone was compromised.

If we are to believe John McAfee, he’s a frequent target for hackers. And apparently it’s Twitter’s fault, not his.

“Though I am a security expert, I have no control over Twitter’s security. I have haters. I am a target. People make fake accounts, fake screenshots, fake claims. I am a target for hackers who lost money and blame me. Please take responsibility for yourselves. Adults only please.”

In response, to the alleged hack, John McAfee says he has disabled two-factor authentication (2FA) on his accounts. If you ask me, that’s a truly bizarre course of action – and one that I hope other Twitter followers do not emulate, especially as the site has just enhanced its 2FA security feature to properly support third-party authentication apps.

Is John McAfee telling the truth? Or spinning a fanciful yarn about his account being hacked for his own reasons?

I imagine my guess is as good as yours.

What I do know is that John McAfee has been caught out by poor security practices in the past, only to offer some eyebrow-raising and hard-to-swallow explanations later.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky, Mastodon, and Threads, or drop him an email.

3 comments on “My Twitter was hacked, claims John McAfee”

  1. coyote

    It's a shame they didn't add after the '$BAT' a certain '$SHIT' and then '$CRAZY'. But I suspect they had their reasons.

    If I was a conspiracy theorist I would suggest he did it himself: as in he did it as a publicity stunt (nothing new), blamed Twitter (iirc nothing new to blame others) and then decided to stop giving advice (perhaps his best move yet?). That's an odd one of course, since it brings him less attention but who says conspiracy theories have to make sense? The fact he talks about disabling 2FA is also odd but that's kind of fitting for him, isn't it?

    I think the story is as mental as he is, frankly.

    Happy New Year btw. :) Long time it's been but hope you're doing well. I am doing superb although I still don't think I'll be around as much – just have a lot going on in my life.

  2. Zach

    It's not a new topic, 2FA has been vulnerable for a while now if talking of using it with a phone and SS7 vulnerabilities. If being done with a physical token card, that's a bit different. Only reason this is garnering attention is due to the visibility of the individual involved.

    https://www.cyberscoop.com/finally-happened-criminals-exploit-ss7-vulnerabilities-prompting-concerns-2fa/

    http://www.securityweek.com/two-factor-authentication-bypassed-simple-attacks

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.