According to The Guardian, he broke into Bushnell's EarthLink email account, exfiltrated some 50 pages of her next (still unpublished) novel, and has made the material available for download from a Google Drive account.
He then used her compromised Twitter account to post a message to her followers and the link to the material, saying “Here you can read my last book ‘killing monica’ first 50 pages; enjoy as long as you can!”
The Google Drive account also contained a number of private emails the author exchanged with her publisher following the breach.
Still, this incident could end up being positive for Bushnell, as this could be great (and free) publicity for the book in question. In fact, now that I think about it, this could also be a fake hack executed in order to drum up publicity for it.
“These types of attacks are often facilitated using social engineering or the process of tricking people - using psychological manipulation - into performing actions or divulging confidential information," Scott Behrens, principal security consultant at Neohapsis, commented for Help Net Security.
"Many methods of spear phishing use a form of deception, by masking what seems to be a legitimate email from say Twitter for example, but actually links to a spoofed website. This can be in the form of misspelled URLs or look-alike domains that use different suffixes (such as .us, .ca, and .biz). A crafty attacker may be able to trick a user into thinking they are logging into Twitter while capturing that user's login credentials during the ruse."
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.