[WASC-WHID] WHID 2011-50: Celebrity Ashton Kutcher Firesheep'd at TED Conference

WASC Web Hacking Incidents Database wasc-whid at lists.webappsec.org
Mon Apr 25 09:08:24 EDT 2011

*Entry Title:* WHID 2011-50: Celebrity Ashton Kutcher Firesheep'd at TED
*WHID ID:* 2011-50
*Date Occurred:* March 3, 2011
*Attack Method:* Stolen Credentials
*Application Weakness:* Insufficient Transport Layer Protection
*Outcome:* Session Hijacking
*Attacked Entity Field:* Web 2.0
*Attacked Entity Geography:* USA
*Incident Description:* High-profile celebrity Ashton Kutcher had his
Twitter account hijacked at the celebrity-infested Technology,
Entertainment, Design (TED) Conference, TED2011, in Long Beach, California,
on Wednesday.
Kutcher, best known for his role on the sitcom That 70's Show and, later, as
host of MTV's Punk'd prank show, found himself Punk'd Toorcon style, when an
unknown attacker hijacked an insecure Web session to post a message to
Kutcher's Twitter account, @aplusk.
"Ashton, you've been Punk'd. This account is not secure. Dude, where's my
SSL?" read the first message, which was posted around 17:30 Pacific Time on
Wednesday. A few moments later, another message went out to Kutcher's 6.4
million Twitter followers:
*Mass Attack:* No
*Reference:*
*Attack Source Geography:*
*Attacked System Technology:* Twitter