Barcade Philly’s Twitter got hacked by black market account resellers

Social media managers were eventually able to recover the account.

barcadephilly-hacked-featured
Twitter screengrab
danya

Updated Feb. 16

The Twitter account of Barcade Philly, a popular Fishtown bar equipped with retro arcade games, was taken over by Spanish-speaking hackers Thursday afternoon.

Late Thursday night. Barcade social media managers were eventually able to recover the account.

At first, when @barcadephilly got taken over, the hackers attributed the attempt to YouTube gaming star Vegetta777. However, the @Vegetta777 account has nearly 5.5 million followers, and showed no sign of being involved in the escapade.

Naming Vegetta was apparently just a joke, because within a few minutes, the actual person behind the theft changed the info on the account.

After running a program to delete all past tweets from the bar, a Peppa Pig face was inserted as the profile pic, and the bio was switched to a customized take on a meme joke, reading, in Spanish, “It wasn’t me, it was the cat from Spain.”

barcadephillyhacked-peppapig
Twitter screengrab

The hackers then decided on a new name for the account: @SpainAlters2

The original @SpainAlters account appears to be connected to the account that eventually took responsibility for the hack — @TaVzGaming.

Both appear to trade in the buying and selling of “alt” accounts, which can be used to help boost stats and status in online gaming, or to mine bitcoins and other alt-currency. Alt accounts with authentic followers are considered more valuable, hence a reason hacks like this happen.

As for why the Barcade Philly account specifically was targeted, there is no clear answer.

barcadephillyhacked9
Twitter screengrab

“It feels like it was sort of random,” said Randy Kim, the NYC-based social media manager for all of Barcade’s seven locations. He found out about the hack after Billy Penn left a message inquiring about it, he said, then acted quickly to change passwords and secure the company’s other social media accounts.

Kim also changed the passwords on the bars’ Gmail accounts, which were apparently also compromised.

barcadephillyhacked-gmail
Twitter screengrab

A report was quickly filed with Twitter, Kim said. Eventually, he was able to recover the account.

Setting up two-factor authentication — which requires a code in addition to a password for login — is designed to avoid hacks like this. It used to be inconvenient to set up 2FA for company accounts, where multiple people may need access, because originally the only way to get the code was via text message to a specific mobile phone. But in late December, Twitter added the option to use a third party authentication app (Google Authenticator is one), making it easier for accounts to be both secure and shared among coworkers.

Thanks for reading another Billy Penn story

Seems you’re the kind of person who really digs in. Want more? Sign up for our free morning newsletter, the easy way to stay on top of Philly news.

Thanks for reading Billy Penn

Like the story above, everything we publish is powered by our members. If you enjoy reading, join today: Just $5/month makes more difference than you’d think.

Thanks for reading! We need you.

Reader donations power our newsroom. If Billy Penn helps you feel more connected to Philly, we’d love to count you as a member. Will you join us?

Lock in your support

Reader support powers our newsroom. A monthly membership helps lock it in.

Can we count on you as a Billy Penn sustainer?

Winning the local journalism game

Thank you: Member support powers our newsroom.

Know someone else who might like our work? Invite them to sign up for our free morning newsletter.