Cyber Incident Victim: Christine & the Queens
Date:
Jan 2015
Location:
France
Summary
The Twitter account of Christine & the Queens was compromised by attackers who posted fraudulent tweets promoting weight loss products, redirecting followers to scam websites selling counterfeit supplements like Garcinia Cambogia Extract. The attackers likely gained access through weak credentials or phishing tactics, exploiting the artist's platform to target followers with dangerous commercial scams. This incident endangered users by exposing them to deceptive health products, mirroring similar compromises of other celebrities' social media accounts.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On January 27, 2015, at 20:53 CET, the Twitter account of French artist Christine & the Queens (@QueensChristine) was compromised by a hacker. The attacker posted an English-language tweet promoting rapid weight loss solutions to the account’s 19,800 followers. The message contained a link directing users to fraudulent websites impersonating *Womens Health* magazine, which advertised counterfeit dietary supplements branded as *Garcinia Cambogia Extract* and *Mangue Africaine* (African Mango). These sites operated as scam platforms selling unverified products under false pretenses. The breach mirrored similar incidents targeting high-profile accounts, including singer Taylor Swift, whose social media had previously been hijacked for comparable schemes.
Christine & the Queens publicly acknowledged the compromise through a follow-up tweet stating, *"Donc, la prochaine fois que vous me voyez parler de régimes ou d'astuces beauté en tout genre, fuyez, ils m’auront kidnappée"* (translation: *"So next time you see me talking about diets or beauty tips of any kind, run away—they will have kidnapped me"*). This response, while humorous, highlighted the artist’s awareness of the breach but did not address specific security measures taken to reclaim the account or prevent recurrence. The attacker’s access method was not formally confirmed but aligned with patterns observed in other celebrity account takeovers, likely obtained through simple passwords or targeted phishing campaigns against the artist or her team. The incident exposed followers to financial scams and potentially harmful products, leveraging the artist’s credibility to amplify fraudulent content. Attackers behind the operation had a documented history of exploiting compromised accounts to promote counterfeit goods, including a multi-year campaign misusing journalist Melissa Theuriau’s likeness for similar scams. No collaborative mitigation efforts between the artist and platform security teams were disclosed in available reporting.