If you are one of the 55,000+ people who follow grunge band Garbage on Twitter, you probably recall this Oct. 17 tweet:
“We will have a surprise for you all if you all do that! it involves whipped cream and shirley…”
Unbeknownst to fans, the tweet was not made by lead singer Shirley Manson or any of the band’s members, but rather by a hacker.
The hacker, posing as Manson and pretending to be completely drunk, promised to follow users back and even plug them if they commented on a YouTube video with the phrase “Garbage sent me.” Before long, he started using Garbage’s account to post spam links from ad.fly, a service that shortens URLs and pays users a small amount each time someone clicks.
“Here’s a great idea. Seeing as how this alcohol is insanely expensive compared to the US alcohol, everyone click this: [spam link],” the hacker tweeted.
On YouTube and Twitter, users began to suggest the possibility that Garbage’s Twitter account had been hacked. The hacker initially denied the allegations, but soon revealed that this was indeed the case.
“Why doesn’t anyone like me. Also I hacked this stupid motherfucking band and have been fucking with you for ages! [spam link] XOXO,” the hacker tweeted.
The hacker continued to flaunt his success at hacking the account. Eventually, Manson herself appeared to have regained control of @garbage, though this remains unverified. More recent tweets suggested that followers report the hacker using the various adf.ly links as evidence.
“Twitter support have recommended I deactivate my account to prevent him getting on. I guess I’ll do that. Bye. edit: [spam link],” the account’s most recent tweet read.
The @garbage account is the latest to have been a target for hackers. On Oct. 1, The Daily Dot reported the case of Twitter user @blanket, whose attempts to recover his stolen account exposed a number of teenage account hijackers who exploit loopholes in Twitter security.
While it’s not clear whether this hacker is affiliated with the group that hacked @blanket and other Twitter accounts earlier this month, he claims this is not his first account takeover.
“All you people saying I’m dumb. I’ve made over 19 dollars by spamming ad.fly links. I hack twitters and spam them great money,” the hacker wrote using Garbage’s account. The tweet has since been deleted.
Jim Prosser, a spokesperson for Twitter, told the Daily Dot that the company reminds users to select strong passwords, access their accounts from Twitter directly, and to not click on suspicious links.
“The most important thing we do is remind users to have strong, unique (e.g. not used for another service) passwords, make sure they’re actually on twitter.com when they click on a link purporting to take them to Twitter, and use HTTPS (which we turn on by default) when connecting to Twitter.
You should also note that our t.co link shorterner protects users from malicious sites that engage in spreading malware, phishing attacks, and other harmful activity. A link converted by Twitter’s link service is checked against a list of potentially dangerous sites. Users are warned with the error message below when clicking on potentially harmful URLs,” Prosser wrote.
This is not Garbage’s first encounter with Twitter troubles. In May 2012, lead singer Shirley Manson battled false accusations and harassment from a cyberstalker.
Photo via Stig Nygaard/Flickr