High profile celebrity Ashton Kutcher had his Twitter account hijacked at the celebrity infested Technology, Entertainment, Design (TED) Conference, TED2011, in Long Beach, California, on Wednesday.
Kutcher, best known for his role on the sitcom That 70’s Show and, later, as host of MTV’s Punk’d prank show, found himself Punk’d Toorcon style, when an unknown attacker hijacked an insecure Web session to post a message to Kutcher’s Twitter account, @aplusk.
“Ashton, you’ve been Punk’d. This account is not secure. Dude, where’s my SSL?” read the first message, which was posted around 17:30 Pacific Time on Wednesday. A few moments later, another message went out to Kutcher’s 6.4 million Twitter followers:
“P.S. This is for those young protesters around the world who deserve not to have their Facebook & Twitter accounts hacked like this. #SSL”
Its not know how attackers were able to hijack Kutcher’s Web session, but hacking Twitter sessions was one of the core features included with the popular Firesheep browser plug in. That tool, first demonstrated at the ToorCon Security Conference in San Diego last October, allows casual Web users to execute Web session hijacking over insecure wireless hotspots.
As the defacement posts on Kutcher’s account suggest, the fix for Firesheep and similar attacks is straight forward: users should use SSL encrypted Web sessions whenever possible. In the wake of the Firesheep controversy, Twitter, Facebook and Microsoft’s Hotmail service have all added SSL-enabled browsing options to their Web services.
The messages remained up Thursday, with no additional posts to the account.
Twitter hacks of prominent celebrities have become common. Recently, the account of it-girl Kim Kardashian was compromised by unknown assailants. Previous attacks have targeted the likes of Barack Obama (then President-Elect) and the account for Fox News.