A Twitter user who claimed to hack the official account of deceased Beatle George Harrison on Tuesday is now warning “literally every” musician and artist to change their passwords or risk being hacked themselves.
“It’s famous musicians and artists at risk. If you’re a celebrity, you should change your password immediately,” the user, who self-identified as J5Z, told The Daily Beast. “Literally everyone should just create a new email, think of a new password, and do it for every account.”
The account for Harrison’s estate sent out several tweets and changed its bio information to, “Hey George, follow @j5zlol when you see this and shoot me a DM. I’ll help you secure your accounts :) I don’t want to cause you any harm, bud” around 2 p.m. on Tuesday.
Minutes later, @j5zlol tweeted “Well shit I hacked someone and I didn’t even know they was dead.. my bad,” then his account was suspended. A tweet from Harrison’s account echoed that sentiment, saying “SORRY” for not knowing about Harrison’s death and that “IVE BEEN LIVING UNDER A ROCK. MY BAD PPL.”
The Daily Beast reached out to @j5zlol before their account was suspended, and another user employing a similar naming convention contacted us in return. That account, claiming to be J5Z, was able to send screenshots proving that they were inside the @j5zlol account on an iPhone and that they could no longer perform actions due to the account’s suspension.
J5Z also sent The Daily Beast a screenshot from a control panel within record producer RL Grime’s Instagram account, which was hacked earlier in the day.
They also claimed to have hacked the accounts for singer-songwriter Cody Simpson, psych rockers Tame Impala, Rolling Stones guitarist Keith Richards, indie crooner Bon Iver, and EDM DJ Nick Warren.
“However, you may have noticed that bomb threats were tweeted. That was not me,” said J5Z. “That was a 'friend.’”
On Sunday, Tame Impala’s hacked account tweeted “I HAVE 15 C4’S IN MY BAG AND 12 PIPEBOMBS IN MY BAG ALSO IM GOING TO BLOW UP ONE OF YOUR PLANES IN 30 MINUTES!! @JETBLUE.”
J5Z insists this wasn’t their work, and wants to make it clear that they’re doing this so they can “raise more awareness” about a potentially larger and more devastating attack.
“At first I did this for fun, but I never wanted to do this to ruin people’s careers,” the user said. “I’m just doing it to prevent that from ever happening in case someone who knows how to do it comes along and possibly does some damage. I don’t want to be seen as a bad person, even though I’m most likely being seen like that already.”
Two hours before the Harrison hack, the NFL’s official account was also taken over by a hacker who claimed that NFL Commissioner Roger Goodell was dead. The tweets were removed within minutes. Shortly afterward, songstress Lana Del Rey’s account was hacked with messages like, “bush did 9/11” and “all muslims are terrorists smh.” Those were deleted almost instantly.
J5Z said they had nothing to do with those attacks, but they know the people behind them and which method they used, adding that “some are old friends, some are not.”
When asked if they were friends in person or on the web, J5Z said they just knew them from the internet.
“I have no friends irl that’s why I hack people lol,” wrote J5Z.
“I don't know how many people know how to do this. However, I know the people that are doing it,” the self-described hacker added. “The accounts that you have mentioned, I know who hacked them, but I'm not going to give names. It is down to them if they want to admit if they done it or not.”
Now J5Z says they’re trying to warn people against the methods used by hackers like him or herself. When the hacker found their way into British DJ Nick Warren’s Twitter account on Tuesday, they wrote a similar message to the one they left for Harrison’s estate. “Please DM me when you can see this so I can help your accounts become more secure, thanks,” it read.
“I'm not here to cause harm,” J5Z told The Daily Beast. “I’m here to help people.”
Their biggest tip to everyone—not just celebrities—is to change the password and the email addresses associated with your social accounts as soon as possible. And when you do, make sure to make both the email address and password basically unidentifiable.
“Use multiple emails, passwords, etc. Don’t use the obvious stuff like your (date of birth) or name in your password or email,” they said. “Stop using information that anyone can guess.”
J5Z claims to be from Canada, but their iPhone screenshots reveal a telecom provider from the UK. The hacker claims that the location is “a fake” and that they operate through a VPN.
Although J5Z declined to reveal how they executed the hacks, the cyberpirate claimed that today’s hacks are all using the same method and there’s only one way to stop it: Change your password, and right away.
“The method is simple, yes. Anyone can do it,” warned J5Z. “It's just they don't know how to.”