clock menu more-arrow no yes

Filed under:


Social engineering to blame in Syrian Electronic Army hijack of the Onion

New, 14 comments
The Onion hacked
The Onion hacked

When the Syrian Electronic Army hijacked The Onion's Twitter account earlier this week, it was tough to tell if it was merely the satirical news site making fun the handful of major news organizations who've been hacked recently, or if it was a genuine victim. Strangely, once The Onion began mocking itself for getting hacked, it was much more clear that, indeed, some hackers had taken over the publication's Twitter profile. Now, The Onion's tech team is explaining what happened.

In a post on The Onion tech team's GitHub blog, the fake news site explains that the Syrian Electronic Army didn't wrestle control of its Twitter account using some advanced hacker scheme. Rather, all it took was a series of phishing emails that baited Onion staffers into forking over their Google account login into, which led the Syrian Electronic Army to get the publication's Twitter login info. Now armed with a bit of hindsight, The Onion's tech team has offered up a few tips and is asking that you "don't let this happen to you." Among the suggested defense strategy is a rather simple proposal: make sure you're "suspicious of all links that ask them to log in, regardless of the sender."