The official Twitter account of security guru John McAfee was apparently hacked on December 28th. As a result, the verified account with 531k followers was used by an unknown hacker to send several tweets promoting not so popular cryptocurrencies like Siacoin, NXT, XRP, PTOY, and BAT.
Although it is unclear how it happened McAfee claims the two-factor authentication was enabled on his account, someone may have compromised his smartphone to intercept the authentication code sent by Twitter.
At 12:04 AM UTC McAfee tweeted that his account was compromised and none of the tweets including “The coin of the day tweet” was sent by him. “Urgent: My account was hacked. Twitter has been notified. The coin of the day tweet was not me. As you all know… I am not doing a coin of the day anymore!!!!,” the tweet said.
Urgent: My account was hacked. Twitter has been notified. The coin of the day tweet was not me. As you all know… I am not doing a coin of the day anymore!!!!
— John McAfee (@officialmcafee) December 27, 2017
Moreover, McAfee shared a screenshot with the BBC and maintained that his calls and texts had been compromised.
McAfee, who is known as the founder of world-renowned McAfee VirusScan, said he was on a boat when the incident took place and there was no way to contact the carrier (AT&T). However, his critics took advantage of the situation and wondered how a security guru can have their social media account compromised.
https://twitter.com/MalwareTechBlog/status/946160747448483840
The disclaimer after the "help my twitter account's been hacked!'' warning is priceless. No more "coin of the day"? Where ever will I get my altcoin investment advice now? https://t.co/AN4EevLINl
— briankrebs (@briankrebs) December 27, 2017
McAfee then explained the situation in another tweet: “Though I am a security expert, I have no control over Twitter’s security. I have haters. I am a target. People make fake accounts, fake screenshots, fake claims. I am a target for hackers who lost money and blame me. Please take responsibility for yourselves. Adults only, please.”
Though I am a security expert, I have no control over Twitter's security. I have haters. I am a target. People make fake accounts, fake screenshots, fake claims. I am a target for hackers who lost money and blame me. Please take responsibility for yourselves. Adults only please.
— John McAfee (@officialmcafee) December 28, 2017
It is possible that the hacker exploited an old vulnerability in the Signalling System No. 7 (SS7) telecom network protocol that was previously used to hack any Facebook account by simply knowing the phone number linked to it. The same vulnerability was used in hacking Gmail accounts and Bitcoin wallets.
At the time of publishing this article, McAfee’s account was restored but there was no official comment from Twitter. However, the incident is an example how easy it is to hack someone’s social media accounts and it does not have to be an unsuspecting user, even security gurus can fall for it.
