Hacker Takes Over Oculus CEO's Twitter Account, Announces New CEO

Another day, another high-profile becoming victim of a hack attack. Somebody managed to find a way into Oculus CEO Brendan Iribe's Twitter account late Wednesday. The hacker, who appears to be a user who goes by the alias "lid" on Twitter changed Iribe's bio and cover photo, and made a couple of interesting "announcements" -- including him becoming the new CEO of Facebook-owned virtual reality company. TechCrunch reports:This is just the latest in a string of tech CEO's having their Twitter accounts compromised, this attack does not appear to be from the same hacker group responsible for the hacks on the accounts of Travis Kalanick, Sundar Pichai, Mark Zuckerberg and Dick Costolo. Late Wednesday night, Iribe's Twitter bio temporarily read, "hey its @Lid ... im not testing ya security im just havin a laugh." The hacker told me in a Twitter DM that he accessed the password via last month's MySpace breach, he also said that he also would've managed to access Iribe's email account had he not had two-factor authentication enabled.

C'mon -

[jpellino]

can't they be as least as creative as Bart Simpson's bar calls?

Re:

[AmiMoJo]

Can't Twitter finally implement a decent two factor authentication system? I mean, SMS messages, really?

Re:

[bungo]

They could have don't something creative, like give a tip to someone they don't like that their stock is going to plunge. Wait until the person has shorted the stock, then make some announcement (We're going into Chapter 11, etc).

Once the stock tanks, and your enemy has made some money, report them to the SEC for fraud, and tell the police that your enemy has hacked the account.

Sit back and watch them try to explain it.

"Hacker"

[MetalliQaZ]

You too can be elite if you copy a password out of a text file.

Couldn't have happened to a nicer guy

[evolutionary]

Bad karma and lack security: these guys have a unique developer API policy:They own whatever you develop for their platform. (surprised anyone agreed to this..) so I say "it couldn't happened to a nicer guy". Perhaps they were eluding to what should happen later on given they way they treat the developers who for some odd reason create stuff for their platform under ethically questionable terms.

They're lucky

[Rob Lister]

Had this been a pro they'd have sold this log-in. It seems feasible that if it were properly managed and timed, a more realistic "Announcement" could have yielded big bucks in stock trading. My wee brain can't wrap itself around someone that is smart enough to hack the account and too stupid to do anything useful with said hack. I'm going to suppose that said hacker isn't really evil. Hell, just letting the guy know privately that you did it and how you did it would probably be fairly profitable. Let's

Because cell plans and Twitter accounts are 1:1

[tepples]

When are high-profile people - particularly tech people - going to learn to use any of the multi-factor auth options available to them?

As soon as Twitter allows a person with more than one account to use two-factor authentication on more than one account without multiple cell phone lines.

If you control both a personal account and a business account, you can expect the following error message when adding a second account: "The phone number you gave us is currently used by another Twitter account. Only one account can be used with a mobile phone at a time." (screenshot [twitpic.com]). Many major 2FA IDPs other than Twitter support TOTP, and some support U