Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Privacy Security Social Networks Twitter IT

Hackers Break Into Ringo Starr's Twitter Account With Simple Password Reset 118

blottsie writes: Ringo Starr's account was compromised by a hacker operating under the username "af," who spoke to the Daily Dot about the breach. The hacker says he gained access to an email account associated with Doug Brasch, senior director of digital marketing at Universal Music Group, who managed Starr's Twitter account. He simply used an email password reset to gain access.
This discussion has been archived. No new comments can be posted.

Hackers Break Into Ringo Starr's Twitter Account With Simple Password Reset

Comments Filter:
  • Email got hacked (Score:3, Insightful)

    by Anonymous Coward on Monday February 15, 2016 @05:31PM (#51514837)

    so the real hack was the email account not twitter?

    • by LinuxIsGarbage ( 1658307 ) on Monday February 15, 2016 @05:42PM (#51514935)

      so the real hack was the email account not twitter?

      Exactly. If it was a "simple Password reset" it would have been:
      Security question: What's your favorite band?
      Answer: The Beatles.

      • The problem are these prefab password reset questions and the logical answers people give. When asked for birth date put something in that is clearly NOT your birthday. Asked for favorite band enter your least favorite food. Although I bet there is a band called "capers".
  • 31337 (Score:5, Insightful)

    by Jesse Enjaian ( 4417953 ) on Monday February 15, 2016 @05:33PM (#51514851) Homepage
    When did the word "hacker" become synonymous with "being a douchebag with computers?" I missed this cultural shift somewhere.
    • Re:31337 (Score:5, Informative)

      by malditaenvidia ( 4015209 ) on Monday February 15, 2016 @05:38PM (#51514889)
      Around the late 90's, if I recall correctly.
    • I can't confirm when it started, but it reached a peak when people started swiping their friend's unlocked smartphones and posting douchey photo to the owner's Facebook page, along with the text "You've been hacked LOL!"

  • I wonder how many celebrities don't even have access to (ostensibly) their own social media accounts?

    Also, who cares about Ringo Starr in 2016?

  • by Shawn Willden ( 2914343 ) on Monday February 15, 2016 @05:37PM (#51514885)

    I occasionally run into people who don't believe they need to be very careful with their e-mail security, because "it's only e-mail, it's not like my bank account or anything". But given that virtually every other online account you create uses e-mail to manage password reset, it is your bank account. And everything else.

    Use a good password on your e-mail account, and enable two-factor authentication. If your e-mail provider doesn't offer 2FA, or offers a form of it that's too inconvenient to use, get a better e-mail provider. #emailmatters

    • by Anonymous Coward on Monday February 15, 2016 @05:40PM (#51514913)

      #emailmatters

      #hashtagsareretarded

    • If you want a better e-mail provider you'll have to pay for it. If you ever get unable to pay (say, unemployment, homeless, prison, war, disease etc.) you're then at a risk of losing it all.
      As for 2FA there's no way I'm giving my phone number to $email_provider :). And I have never thought yet about what happens if I lose a phone number tied to a password!

      We need some way to be secure without recurring bills. e.g. using Firefox instead of IE was free at least.

      • As for 2FA there's no way I'm giving my phone number to $email_provider

        Well texts are far from being the ONLY way to get 2FA but beyond that, perhaps you're too paranoid to be on the internet?

      • If you want a better e-mail provider you'll have to pay for it.

        Gmail is free, and has excellent security. Better than any paid service I've seen, actually.

        As for 2FA there's no way I'm giving my phone number to $email_provider

        So, don't use phone-based 2FA. Continuing with Gmail as an example, you can get 2FA via security key (a little USB stick), smartphone app, printed codes (pieces of paper you carry in your wallet), SMS or voice phone. Only the last two involve your phone number. Though I have to wonder... just what do you think $email_provider is going to do with your phone number anyway? And if you don't want them to have it, you'd b

        • by N1AK ( 864906 )
          Was going to respond with most of the points made in this post, but will now just emphasise that 2FA exists in a number of formats that don't require you to give a mobile phone number. Personally I use Google Authenticator (an app on my phone), backed up by mobile phone SMS (optional), further backed up by a print out of 10 one use codes (I've used two, and keep half in my wallet and half at home).
    • by houghi ( 78078 )

      As I have my own domain (and others here might have as well) I use a simple way of using email.
      1) A spam account at gmx.com for rubbish. Many would use Google, I like GMX better, because it isn't google.
      2) A fristname.lastname@example.com that is only used when I am looking for a job. If I don't, all mails will be dropped.
      3) An email address for friends that will be filtered for spam
      4) An email address for every website that is important to me. e.g. shlashdot.org@example.com or bigbank.com@example.com.

      The l

      • by Mirar ( 264502 )

        I use the same scheme, although I'm harder with _everything_ gets their own email address.

        Small companies that look at things manually usually get confused when I fill in the email address "smallcompany.com@example.com". One even canceled an order because they didn't believe the email address. (Apologies and rebate though when I told them that yes, that's the correct one.)

        I also sort every @example.com in a separate mailbox. If anyone have a good tip of a good imap server/mail reader combo that can handle a

  • I've wondered why services don't allow you to do something like add a PGP public key, and all notifications from that site are sent encrypted to that key. If someone gets ahold of your reset email, well unless they have your private key and passphase, they're still out of luck. Furthermore, legit email notices could be signed by a known public key of the site.

    OK, it was a bit rhetorical perhaps, as I know not many are familiar with PGP to use it. Outlook doesn't support it out of the box so that cuts out a

    • I've wondered why services don't allow you to do something like add a PGP public key, and all notifications from that site are sent encrypted to that key. If someone gets ahold of your reset email, well unless they have your private key and passphase, they're still out of luck. Furthermore, legit email notices could be signed by a known public key of the site.

      OK, it was a bit rhetorical perhaps, as I know not many are familiar with PGP to use it. Outlook doesn't support it out of the box so that cuts out a lot of users right there. And even people technical enough to know what its doing don't always like it.

      And I guess the problem then would be people saying "I forgot my PGP passphase, please help!". So maybe it wouldn't actually solve much and still be prone to social engineering. But still. In 2016 I would have thought we'd have a better handle on privacy and security.

      Because that doesn't make sense from a business standpoint.

      2-factor authentication to your phone works for most consumers. For higher-value accounts of celebrities, etc..., people should be able to pay to have password resets confirmed by fedex or by phone call to their IT department/agent/secretary.

  • ...Slashdot is moderated by douches that work for a company that knows nothing about Slashdot's culture! God I wish someone would by Slashdot from Dice.
  • .....Ob-la-di-ob-la-da?
  • Wah... How could it be happen?
  • I had such high hopes for the new management, but it seems a case of "meet the new boss, same as the old boss." This isn't a story, it's not news for nerds, it's not stuff that matters. It's not even a hack. It even involves Twitter, which gives it negative points. What are we supposed to learn from this? Secure email accounts that don't belong to you? For a former celebrity who doesn't even use Twitter?
    • We hardly knew ye
  • it's not like a celebrity has any different security than normal people.

    But it's still funny.

    • Ringo isn't even involved. As stated, this was someone breaking into the email of the guy who runs Ringo's Twitter account.

  • The questions asked were his birthday and name of his nephew, both easy to find with Facebook. I was surprised when I entered the answers and it actually succeeded first try.”
  • Uh-oh, hope Pete Best has an alibi :-/
  • Can I use this "hack" to get my old, bot-stolen (because I obviously didn't care back then), twitter account back?

Recent investments will yield a slight profit.

Working...