Barcade Philly’s Twitter got hacked by black market account resellers

Social media managers were eventually able to recover the account.

Twitter screengrab

Updated Feb. 16

The Twitter account of Barcade Philly, a popular Fishtown bar equipped with retro arcade games, was taken over by Spanish-speaking hackers Thursday afternoon.

Late Thursday night. Barcade social media managers were eventually able to recover the account.

At first, when @barcadephilly got taken over, the hackers attributed the attempt to YouTube gaming star Vegetta777. However, the @Vegetta777 account has nearly 5.5 million followers, and showed no sign of being involved in the escapade.

Naming Vegetta was apparently just a joke, because within a few minutes, the actual person behind the theft changed the info on the account.

After running a program to delete all past tweets from the bar, a Peppa Pig face was inserted as the profile pic, and the bio was switched to a customized take on a meme joke, reading, in Spanish, “It wasn’t me, it was the cat from Spain.”

Twitter screengrab

The hackers then decided on a new name for the account: @SpainAlters2

The original @SpainAlters account appears to be connected to the account that eventually took responsibility for the hack — @TaVzGaming.

Both appear to trade in the buying and selling of “alt” accounts, which can be used to help boost stats and status in online gaming, or to mine bitcoins and other alt-currency. Alt accounts with authentic followers are considered more valuable, hence a reason hacks like this happen.

As for why the Barcade Philly account specifically was targeted, there is no clear answer.

Twitter screengrab

“It feels like it was sort of random,” said Randy Kim, the NYC-based social media manager for all of Barcade’s seven locations. He found out about the hack after Billy Penn left a message inquiring about it, he said, then acted quickly to change passwords and secure the company’s other social media accounts.

Kim also changed the passwords on the bars’ Gmail accounts, which were apparently also compromised.

Twitter screengrab

A report was quickly filed with Twitter, Kim said. Eventually, he was able to recover the account.

Setting up two-factor authentication — which requires a code in addition to a password for login — is designed to avoid hacks like this. It used to be inconvenient to set up 2FA for company accounts, where multiple people may need access, because originally the only way to get the code was via text message to a specific mobile phone. But in late December, Twitter added the option to use a third party authentication app (Google Authenticator is one), making it easier for accounts to be both secure and shared among coworkers.

Thanks for reading all the way

Seems you’re the kind of person who really digs in. Want more? Get an update direct to your inbox each morning, with everything you need to stay on top of Philly news.

Thanks for reading all the way

Been seeing you here a lot lately — seems like you’re the kind of newshound who really digs in. If you value the info we provide, become a member today!

Billy Penn runs on reader support

Like the story above, everything we publish is powered by people like you. If our work helps you learn about Philadelphia, we’d love to count you as a member.

Lock in your support

The article above was published thanks to your support! A monthly membership will help ensure Billy Penn can keep reporting on Philly news.

Spread the love

Billy Penn members like you are the reason our newsroom keeps going. Know someone who might want to support our work? Send them a note — they just might join the local journalism fight.