Twitter’s ’10 Macbooks’ hacker continues to run amok, scamming on the platform

Don’t be left with the form of an “L” in your brow: For those who see a celeb promoting, oh say, 10 MacBooks for round $600 every on Twitter, we are able to assure that the celeb’s account has been hacked…even when the account belongs to the web’s favourite 90s band: Smash Mouth.

Over the previous few months, a hacker or group of hackers have been stealing influential high-profile accounts. Mashable first solely reported on the hacks final week. 

Principally, as soon as the hacker accesses an account, they start sharing a rip-off providing model new MacBooks for well-below retail worth. Mashable heard from those that fell for the rip-off, taken in by seeing the supply from a person they’ve lengthy adopted and trusted, with out understanding that the account had been hacked. The sufferer then sends the cash by way of a peer-to-peer fee service like Zelle, Cashapp, or Apple Pay, which doesn’t present purchaser safety or refunds.

Hey now, you’re an all-star

On the day our report was revealed, the hacker reached out to the writer of the piece via a Twitter account that they had simply hacked(Opens in a new tab) hours prior.

“i’ll hack you subsequent,” the hacker mentioned in a direct message(Opens in a new tab) to me by way of the Twitter account belonging to Smash Mouth.

“ur 2 step dosent matter 😂,” they mentioned in a observe up, referring to two-factor authentication, a safety step that makes it tougher for unauthorized entry into accounts. Twitter, below the management of Elon Musk, turned off two-factor authentication by way of textual content message that very same day for Twitter customers except they paid to subscribe to Twitter Blue.

Shortly after these messages, the Smash Mouth Twitter account deleted the MacBook rip-off tweets and revealed a brand new publish saying that the band as soon as once more had entry to the account.

“We lastly acquired our account again,” @SmashMouth tweeted. “Fuck these hackers.”

Nonetheless, that was not true. That tweet was additionally from the hacker.

The hackers, posing as Smash Mouth, claimed the band acquired their account again. They didn’t.
Credit score: Mashable Screenshot

“PAGE IS STILL HACKED,” tweeted(Opens in a new tab) Ron Xepoleas of Smash Mouth’s administration. “THIS IS NOT SMASH MOUTH POSTING!”

Mashable reached out to Xepoleas, who defined that that is the second time the Smash Mouth account was hacked. And, it might very nicely be by the identical hacker too. Again in late October of final yr, verified Twitter customers reported(Opens in a new tab) receiving DMs from the Smash Mouth account asking them to go to a Twitter web page to confirm their Twitter account or they’d lose their checkmark. The web page, after all, was a faux phishing web page set as much as steal their info. The DM from October seems to be precisely the identical because the DM we beforehand reported on that’s being utilized by the hackers stealing accounts in the present day. The one distinction is that the hackers have moved on to a brand new web site URL.

Xepoleas defined that he fell for the hack the primary time and clicked on the hyperlink himself. Nonetheless, he’s uncertain how the hackers acquired entry to the account once more this yr.

When Smash Mouth was hacked the primary time, it was simply days earlier than Elon Musk formally acquired Twitter so there have been delays in getting the account again. It took over a month for somebody at Twitter to assist out.

And sadly for Smash Mouth, the Twitter worker who helped them final time was fired by Musk in the latest spherical of Twitter layoffs final month.

“All we all know is since Elon took over we’ve been hacked twice and have misplaced over 40k followers,” Xepoleas advised me.

As of publishing time, the Smash Mouth account was nonetheless hacked.

You would possibly as nicely be strolling on the solar

Since Mashable’s first report, we now have heard from quite a few individuals sharing their tales about different hacked accounts. And, a number of accounts have been hacked simply this previous week, since we’ve reached out to Twitter to tell them of the difficulty. Many of those accounts are nonetheless hacked, energetic, and scamming customers.

Rapper Motion Bronson’s account was hacked(Opens in a new tab) and pushed the “10 MacBooks” rip-off again in November of final yr.

Comic Bobby Lee’s Twitter account, @BobbyLeeLive, was additionally hacked again throughout that month and first(Opens in a new tab) tweeted the “10 MacBooks” scheme on Nov. 15 of final yr. Actually, it seems his account continues to be hacked over 4 months later.

Final yr, various his followers instantly observed the hack and screenshotted tweets of the account providing “10 MacBooks” on the market for $600.

“Hiya twitter household !” reads the November tweet. “I’ve 10 MacBooks that I’ll personally signal myself , that you would be able to buy for $600 and free Delivery ! First come first serve foundation , and all proceeds will probably be going to charity ! MY DMS ARE OPENED IF INTERESTED.”

Bobby Lee's hacked account

A screenshot of the “10 MacBooks” rip-off being tweeted from Bobby Lee’s account in November 2022.
Credit score: Mashable Screenshot

If that message seems to be acquainted, that’s as a result of it’s the identical actual tweet that was posted on hacked accounts belonging to Duck Dynasty‘s Jase Robertson, The American Prospect‘s David Dayen, and Winnie Wong of Bernie Sanders’ 2020 presidential marketing campaign, per Mashable’s final report on the difficulty. It seems the identical tweet will get posted on all of those hacked accounts.

All through the following few months(Opens in a new tab), the Bobby Lee account would continue(Opens in a new tab) to publish tweets making an attempt to rip-off his followers. Tons of of different Twitter customers, together with different influential(Opens in a new tab) Twitter accounts, reported Lee’s hacked account to Twitter. Nonetheless, the corporate didn’t reply.

Many of the rip-off tweets on Bobby Lee’s account are now not seen on the platform. It’s unclear if the scammer eliminated the lacking tweets or if the tweets had been auto-removed resulting from mass person reporting of the particular tweets. It doesn’t appear to be Twitter particularly intervened, nevertheless, as a rip-off tweet from February nonetheless seems on the account.

The hacks hold coming they usually don’t cease coming

Raffi Cavoukian, the beloved youngsters’s singer, was targeted(Opens in a new tab) by these hackers earlier this week.

Raffi advised Mashable that he acquired a DM from Asami Terajima, a journalist with Kyiv Unbiased. Nonetheless, Terajima’s account was hacked. And, oddly sufficient, the scammer focusing on Raffi had modified Terajima’s profile identify to appear to be the account belonging to Justin Solar, a controversial cryptocurrency founder who was charged(Opens in a brand new tab) with fraud by the SEC simply days later.

The DM despatched from Terajima’s hacked account to Raffi included the identical DM message linking to a phishing web page made as much as appear to be an official Twitter web site. The URL used this time was “,” the identical area we reported on final time that was being despatched from Winnie Wong’s hacked account.

Twitter Phishing Page

A screenshot of the phishing web page utilized by the scammers to steal accounts.
Credit score: Mashable Screenshot

Kyiv Unbiased senior editor Oleksiy Sorokin confirmed that they had been in a position to regain entry to Terajima’s account.

“Additionally, @elonmusk and @TwitterSupport thanks for eradicating the fundamental security options,” he tweeted. “Nice job.”

Whereas Raffi was in a position to keep away from getting hacked, others haven’t been so fortunate.

On Thursday evening actress Rachel Zegler’s Twitter account had started posting the “10 MacBooks” rip-off tweets. This time, the hackers deployed a brand new measure to cover their rip-off. They first made Zegler’s account non-public, so solely her present followers may see her tweets. This might make it tougher for outdoor events, like reporters who is perhaps acquainted with the rip-off, to trace her hacked account and warn her followers. 

As of Friday, the Shazam! actress’ account was unlocked. A tweet from the account claimed(Opens in a new tab) that Zegler had regained management, nevertheless it’s value noting that that Smash Mouth’s account as soon as falsely claimed that its rightful homeowners had regained entry.

Along with Zegler, a string of well-known drag queens, equivalent to Gottmik from RuPaul’s Drag Race had been additionally hacked and tweeting out the “10 MacBooks” rip-off this week as nicely.

In fact, hacks and phishing scams are usually not new and they don’t seem to be distinctive to any social media web site. Nonetheless, of the hacked customers we spoke to, all identified that the dearth of a big response from Twitter itself within the aftermath of Elon Musk’s takeover will not be one thing that they skilled on the platform earlier than.

With Twitter’s plan to take away the verification badge from all influential and high-profile customers who don’t pay, it appears the alternatives for scammers trying to impersonate celebrities is just going to multiply.

Mashable reached out to Twitter for remark. The corporate’s press e-mail auto-responded with a poop emoji.

Twitter’s Head of Belief and Security, Ella Irwin, did publicly reply on Twitter on March 18 to a person inquiring about Mashable’s first report on the difficulty.

“I don’t know what DMs had been acquired however we’ll examine Matt’s account compromise report and any others we’re notified about,” Irwin tweeted(Opens in a new tab). “I might not robotically assume Matt’s account compromise is straight associated to any others.”