Pro Golfer's 621K Followers Hit by Crypto Scam

It’s no secret that your social media accounts are the backbone of your brand's online presence and revenue stream. Every day, businesses pour countless hours into building their following and creating engaging content. But there is a worrying trend of high-profile accounts getting hacked only to start sharing crypto and other malicious scams.

A hacker can take control of your account in a few minutes and destroy the trust you have built with your audience over many years. What’s worse is that this trend isn’t stopping, and established audiences are being tapped into by attackers for financial gain.

That’s why in this blog post, we will examine the recent hack of pro golfer Graeme McDowell and how this targeted attack affected his audience. We’ll also discuss why you should care about the rise in social media hacks and provide five main steps to protect your X account.

With that out of the way, let’s get started.

What happened to LIV Golf's Graeme McDowell?

On February 10, 2026, LIV Golf star Graeme McDowell had his X account hacked. The hackers used his profile to post a message stating he was "lowkey proud" of picking up a brand-new Tesla Cybertruck through crypto investments. The tweet even thanked a "coach" for guidance (if you are not aware, that’s a common tactic used to lure unsuspecting followers into fraudulent schemes).

Soon after, McDowell tweeted to clarify the situation once he realized his account had been compromised. He apologized to his 621,000 followers and warned them to be careful of suspicious DMs asking for votes on podcasts. He explained that he received a message from a friend that seemed legitimate, which is how the hackers likely gained access.

This incident appears to be a targeted attack on LIV Golf figures, as McDowell was not the only victim. Jamie Kennedy, the director of digital content for Golf Digest, was also locked out of his X account on the same day.

Kennedy explained in a thread that he was logged out on all devices and his password had been changed, forcing him to submit a request to Twitter Support. Reading through his experience is a great way to know what to expect if you are ever locked out, though it is certainly not a fun process.

Why should you care about this?

We’ve seen a massive increase in social media hacks in recent years, particularly targeting high-profile accounts. Attackers want access to established audiences so they can exploit the trust between creators and their followers. This problem is widespread, affecting everyone from global enterprises to professional athletes.

We have previously reported on several high-profile hacks that follow this same pattern. For example, Real Madrid star Jude Bellingham's X account was hacked to promote a cryptocurrency scam. Similarly, the official X account for the NBA was compromised to push a fake "$NBA Coin" to its massive fan base.

What’s worse is that data shows that this trend is unfortunately not slowing down. A report on cybercrime revealed that 79% of organizations saw an increase in phishing attempts, and 94% of data breaches happen due to user error rather than technical exploits. And while this is something businesses must always keep in mind, it is not like there is nothing you can do to defend your brand.

How to protect your X account from hacks

While there are many specific things you can do to protect your business against online threats, it’s not absolutely necessary to do everything. Instead of overcomplicating your security, you should focus on a few core strategies that provide the best results.

Here are five main things you should do to successfully protect your X account from hackers.

1) Use a strong password

Passwords are the most important layer of defense that most people neglect. Unfortunately, people often use very simple passwords that are easy for hackers to guess using automated tools. As a result, accounts get hacked all the time because the "front door" was left virtually unlocked.

Instead, create a strong, unique password for every account you have. To create a strong password, make it at least 20 characters long and include a mix of uppercase and lowercase letters, numbers, and symbols. And avoid using names, birthdays, or common dictionary words that attackers can easily find through social media research.

2) Enable passkeys or 2FA for business

Passkeys are a modern security feature that links your account access to biometric data like Face ID or Touch ID. They work by creating a strong protective barrier that is much harder for hackers to bypass than traditional passwords. However, while passkeys are great for individual accounts, they are not very useful for business accounts since multiple people often need access to the same profile.

In that case, you should use two-factor authentication (2FA) for teams. 2FA for teams, like the one offered by Spikerz, centralizes your login codes to a single secure platform, allowing multiple authorized team members to access the account securely without needing to contact a main administrator for a code every time they want to log in.

3) Enable account monitoring

Account monitoring is the process of regularly reviewing your account's activity to detect suspicious actions and remove intruders quickly. It helps you identify abnormal patterns like login attempts from unrecognized locations. 

While there are different tools in the market (each specializing in a different area of cybersecurity), we recommend you use a specialized social media security tool like Spikerz.

Spikerz is an all-in-one social media security and protection platform designed to protect your online presence. Here’s how we can help secure your accounts:

• Account takeover protection: Spikerz continuously scans for unauthorized access attempts and immediately blocks intruders. Then it changes your password and alerts you to keep you safe.
• Phishing protection: Our AI-powered system automatically scans incoming messages and links for phishing attempts, removing them before they can compromise your data.
• Permissions management: Centralize all your social media role permissions in one dashboard, allowing you to assign specific access levels and revoke them instantly when team members leave.
• Impersonator takedown: The platform actively identifies fake accounts mimicking your brand and using your copyrighted content and helps you submit takedown requests to protect your reputation.
• Comment management: Our automated system uses natural language processing to filter out spam, trolls, and hate speech from your comment sections in real-time.

Are you ready to protect your social media accounts?

Book a demo to see Spikerz in action right now. We’ll show you exactly how Spikerz will protect your social media presence and give you peace of mind.

4) Use antivirus software

Antivirus software is a program designed to detect and remove malicious software from your computers and devices. It helps protect against info stealers that can help attackers bypass email and passwords altogether by stealing session tokens.

Note: this is how many high profile hacks happen on YouTube and Meta accounts.

If you want a recommendation, we suggest you check Bitdefender. It’s one of the best antivirus software solutions on the market. It provides complete protection and often includes a password manager to help you maintain strong security habits across your entire organization.

5) Have a social media security response plan

A social media security response plan is a written document that outlines exactly how your business will respond to potential breaches or PR crises. It helps social media teams act quickly and decisively, minimizing damage and restoring normal operations without making panic-driven decisions.

If you are interested, an example of how a response plan helps is the Dior hack we reported on a while ago. When hackers hijacked Dior's Instagram to promote a fake crypto coin, the brand's response team took action immediately. Since they had a plan, they were able to identify the problem, remove all fake posts, and regain control of the account within a very short window, which mitigated further financial loss for their followers.

Conclusion

Your social media’s security is too important to be left to chance. As we have seen with Graeme McDowell and other high-profile figures, even one minor mistake can lead to a breach that threatens your reputation and your audience’s safety.

That’s why you must build a strong defense by using complex passwords, enabling team-based 2FA, and monitoring your accounts for suspicious activity. These layers of protection work together to make your accounts an unattractive target for cybercriminals.