Activist Hacks Ashton Kutcher’s Twitter Account To Push For Increased Security
Ashton Kutcher, who traveled to technology conference TED this week, has been punk’d. That’s what happens when you hang out on the same wireless network as a bunch of technology geeks — who probably don’t even need hacking-made-easy-tool Firesheep to eavesdrop on Internet sessions on unencrypted Web pages.
Kutcher’s over six million followers are now going to be aware of Twitter’s lack of security thanks to these two tweets Wednesday night:
The hacker who likely accessed Kutcher’s account through a shared wireless network at TED2011 in Long Beach, California, tweeted, “This account is not secure. Dude, where’s my SSL?” followed by “This is for those young protesters around the world who deserve not to have their Facebook Twitter accounts hacked like this.”
This security problem with Twitter got widespread attention last year, due to the release of Firesheep — a program that made hacking a fellow wireless network user’s account on non-encrypted sites easy. Pressure was put on companies like Facebook and Twitter to make their websites “https” (or encrypted) by default. Facebook has since made it an option for users to enable that feature (though it’s still not a default). Twitter also has a https option, though it’s also not the default.
Back in November 2010 during the Firesheep controversy, Twitter told me: “Protecting users and providing a safe Twitter experience is incredibly important to us. We’re actively exploring avenues for increasing user safety that would address this issue.”
We’ll see if the hacking of a high-profile user’s account makes Twitter explore those avenues more quickly.
Update (March 3): Twitter’s PR account tweeted late Wednesday night, “Users can use Twitter via HTTPS: http://t.co/q84H6K3. We’ve long been working on offering HTTPS as a user setting will share more soon.”
(To avoid @aplusk’s fate, make sure you do your tweeting at https://twitter.com/.)
By on 08/03/2011