10 May 2013

The Onion Twitter Account Hacked via Cascade Phishing Attack

During the initial stage, the cyber-hacktivist team sent a regular phishing message to a number of staffers, advising them to read a piece allegedly posted on the Washington Post blog. Instead of taking them to the blog, the URL redirected the victim to a Google Apps phishing page, where they had their e-mail credentials stolen.

As detailed in the post-mortem report on the tech team’s blog, once the attackers had access to valid company e-mail accounts, they sent the phishing message disguised as a password reset warning, claiming at least two more victims.

“After discovering that at least one account had been compromised, we sent a company-wide email to change email passwords immediately. The attacker used their access to a different, undiscovered compromised account to send a duplicate email which included a link to the phishing page disguised as a password-reset link,” reads the blog post.

In the process, they managed to seize control of an account used to manage The Onion’s Twitter account. According to a brief casualty report, it appears the hackers took control of at least five accounts.

The whole incident would have been avoided if staff members had spotted a simple phishing attack and refused to hand over their credentials to the attackers.