He probably only just woke up, but today is already a very bad day for American TV actor Dorion Standberry, one of the stars of College Hill on the BET network. His Twitter profile says “I act, I model, I sing, I socialize!!”; he can add “I get pwned” to that list now too.
It appears that an attacker compromised his email account and then used this access to change the victim’s Twitter account password, leaving Mr. Standberry powerless to stop the attack. His account has since been restored and the messages deleted. In a (slightly confrontational) interview on V-103 Atlanta, Dorion apologised for any distress that had been caused.
At about 7:45 am UK time the first suspicious-looking message appeared on Dorion’s Twitter stream.
The hijacked account was then continuously updated for over 5 hours and the content got steadily more lurid, more defamatory and involved steadily more victims.
The attacker posted many telephone numbers that they claimed had been copied from the victim’s email address book, including Dorion’s own number and home address and Nicole Ritchie’s telephone number. They posted the contents of personal emails and repeatedly posted naked photographs of the victim on the TwitPic website.
I called the telephone number posted as belonging to the victim in order to let him know of the attack. The number was genuine, but the voice mail was not taking messages. I also contacted Twitter asking them to suspend the profile.
At one point in this stream of accusations, invective and stolen personal information, the attacker appeared to justify their actions by accusing Mr. Standberry of murder and also of infidelity with someone the attacker presumably cared about.
Here are a few tips for maintaining password security online.
Choose three complex passwords that are easy to remember but difficult to guess. Use a combination of numbers, upper- and lower-case letters and special characters like !£$@&. (Trend Micro’s advice on password creation is available in our Safe Computing Guide).
Use the first password as a general one for the majority of sites that require a password to log in. Use the second password for your email account and only your email account. Finally, use the third password for any websites that could have financial consequences, such as online banking or payment sites. Never share any of these passwords, and change them every six months.
It is also important to ensure that your “secret question” is up to scratch. When you forget the password to an online account, there is often a link that will allow you to enter a new password as long as you can answer the security question. The problem with this is that many of the default questions are weak and easily guessed if your attacker knows you, or if you’re not careful with your personal data online.
Go now and see how easy yours would be to guess; you might be saving yourself a lot of trouble in the future if you change it now.