Jack Johnson – no, not the singer-songwriter one, the one that’s half of Vine-born rappers Jack & Jack – has been hacking his fans… with permission.
He’s been suggesting fans send him their Twitter passwords, so he can log in to some of their accounts to post personalised messages and videos, accompanied by the hashtag #HackedByJohnson. Which sounds fun, and plenty of fans seem happy to send him their passwords.

The problem is that security experts aren’t impressed. They told Ars Technica that not only is it a risk for fans, it may even be illegal under the US Computer Fraud and Abuse Act.

“From a security standpoint, the promotion’s structure needlessly exposes both fans and the entertainer to risk,” said law professor Andrea Matwyshyn. “Encouraging fans to engage in bad password practices and to expose themselves to increased risk of identity theft is not looking out for fans’ best interests. Password hoarding also places a bullseye on the entertainer as an attractive target for malicious attackers, further potentially placing fans at risk.”

Maybe not such a good idea, even though Johnson’s own lawyer says he deletes the passwords immediately after using them.