Updated Feb. 16
The Twitter account of Barcade Philly, a popular Fishtown bar equipped with retro arcade games, was taken over by Spanish-speaking hackers Thursday afternoon.
Late Thursday night. Barcade social media managers were eventually able to recover the account.
At first, when @barcadephilly got taken over, the hackers attributed the attempt to YouTube gaming star Vegetta777. However, the @Vegetta777 account has nearly 5.5 million followers, and showed no sign of being involved in the escapade.
Naming Vegetta was apparently just a joke, because within a few minutes, the actual person behind the theft changed the info on the account.
After running a program to delete all past tweets from the bar, a Peppa Pig face was inserted as the profile pic, and the bio was switched to a customized take on a meme joke, reading, in Spanish, “It wasn’t me, it was the cat from Spain.”
The hackers then decided on a new name for the account: @SpainAlters2
The original @SpainAlters account appears to be connected to the account that eventually took responsibility for the hack — @TaVzGaming.
Both appear to trade in the buying and selling of “alt” accounts, which can be used to help boost stats and status in online gaming, or to mine bitcoins and other alt-currency. Alt accounts with authentic followers are considered more valuable, hence a reason hacks like this happen.
As for why the Barcade Philly account specifically was targeted, there is no clear answer.
“It feels like it was sort of random,” said Randy Kim, the NYC-based social media manager for all of Barcade’s seven locations. He found out about the hack after Billy Penn left a message inquiring about it, he said, then acted quickly to change passwords and secure the company’s other social media accounts.
Kim also changed the passwords on the bars’ Gmail accounts, which were apparently also compromised.
A report was quickly filed with Twitter, Kim said. Eventually, he was able to recover the account.
Setting up two-factor authentication — which requires a code in addition to a password for login — is designed to avoid hacks like this. It used to be inconvenient to set up 2FA for company accounts, where multiple people may need access, because originally the only way to get the code was via text message to a specific mobile phone. But in late December, Twitter added the option to use a third party authentication app (Google Authenticator is one), making it easier for accounts to be both secure and shared among coworkers.