Has the Vogue website been hacked by dinosaurs?

If you go down to the Vogue UK website today, you could be in for a big surprise…

Because, strange things may happen if you enter the following “Konami code”: ↑ ↑ ↓ ↓ ← → ← → (up up, down down, left right, left right on the cursor keys) then press “B”, “A” and “Enter”.

Vogue website, complete with dinosaur

Do you see that strange prehistoric creature at the bottom of the webpage?

Sign up to our free newsletter.
Security news, advice, and tips.

The one brandishing a full set of teeth and a stylish line in bright red headwear?

Vogue website close-up

Yep, I think you’ve spotted it now.

Assuming that Vogue didn’t want the latest fashions paraded on its homepage by T-Rex and Diplodicus, the most likely other explanation is that hackers found a flaw on the website which allowed them to inject a small script that watches for the keysequence and then triggers its terrifying payload.

I guess we should be grateful that it doesn’t do something more sinister, like play old songs by the Partridge Family or replace anorexic model photos with pictures of hamburgers.

But there’s a serious issue here. If hackers were able to break into Vogue’s website and embed this code they could just have easily planted something malicious. The potential for harm is much greater than the chances of you being a Brontosaurus’s breakfast.

Vogue should review its website security, ensure that its software and patches are up-to-date and conduct a thorough audit to see if anything else has changed on their site.

Update: Apparently the same Konami code works on the Wired website. Both Wired and Vogue are part of the Conde Naste publishing family. There are some reports that Vogue’s web developers deliberately embedded the dinosaur payload as an “easter egg”. The problem with these kind of tricks is that they can appear so similar to genuine hacking attempts. For instance, the hackers who hid “Asteroids” behind a Konami code on US govt websites earlier this year.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

4 comments on “Has the Vogue website been hacked by dinosaurs?”

  1. According to the webmaster (whose twitter handle I can't remember) it's deliberate and they haven't been hacked.

    1. Graham CluleyGraham Cluley · in reply to Ryan Cullen

      Yup, I'm not denying that possibility. Hence the question mark in my headline.

      The problem with these kind of tricks is that they can appear so similar to genuine hacking attempts. For instance, the hackers who hid "Asteroids" behind a Konami code on US govt websites earlier this year: http://nakedsecurity.sophos.com/2013/01/28/hackers-asteroids-government-websites/

  2. Ryan Cullen

    Found it https://twitter.com/iansteadman/status/354906235742593025

  3. Samantha Miguelle

    I tried this hack at least 15 times and it did'nt work ,and I tried refreshing the page lots of times but nothing changed.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.