Dancing with Hackers



Two beautiful women dancing on dance floor in bar

Dancing with the Stars pro Witney Carson announced on Twitter that her Facebook account had been hacked. Unknown miscreants gained control of Carson’s Facebook through a unique phishing technique and proceeded to upload spamming material to not only her page, but resharing items to other celebrity pages.

Now, there are two questions that immediately come to mind:

  1. Who is Witney Carson?
  2. How was their Facebook account hacked?

Unfortunately, I don’t know the answer to either of these questions. Prior to reading about the story in Pop Culture, I had personally never heard of Witney Carson. But that doesn’t matter, because it goes to show that you don’t have to be a global superstar with millions of followers to be an attractive target.

Even accounts with a few hundred thousand followers (or even fewer depending on the industry) can be juicy targets for attackers looking to leverage the victim’s brand to spread malware or spam.

So, the question becomes, how did Carson’s account get hacked?

There are a number of possibilities:

  • It could be that Carson used an easily guessable password.
  • Maybe Carson re-used a password which was previously breached.
  • An agent / assistant had access to the Facebook account and the breach occurred there somehow.
  • Carson played a ‘Facebook game’ or allowed access via a third party which scraped her details.

There could be many other ways, but what is clear is that by taking a few relatively simple steps such as practicing good password hygiene and enabling 2FA could have prevented the account takeover.

It’s important that organisations protect their own social media accounts as well as ensuring its staff know how to best protect their accounts. New school security awareness training can help educate your users on how to secure an account, otherwise, accounts can be take over by criminals – and while it may not feel like a big deal, the impact of a compromised account can have far-reaching repercussions that affect the whole organisation.


Are your user’s passwords…P@ssw0rd?

Employees are the weakest link in network security, using weak passwords and falling for phishing and social engineering attacks. KnowBe4’s complimentary Weak Password Test (WPT) checks your Active Directory for several different types of weak password related threats.

wpt02Here's how it works:

  • Reports on the accounts that are affected
  • Tests against 10 types of weak password related threats
  • Does not show/report on the actual passwords of accounts
  • Just download the install and run it
  • Results in a few minutes!

Check Your Passwords

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/weak-password-test



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews