Husain Parvez
Published on: July 23, 2025
The official X account of Elmo, a Sesame Street character followed by families worldwide, was briefly hijacked on July 14 to post racist, antisemitic, and political hate speech. The breach shocked users and highlighted major cybersecurity gaps in brand-managed social media platforms.
Sesame Workshop confirmed the incident, saying Elmo’s account “was briefly hacked by an outside party in spite of the security measures in place.” The organization added, “These posts in no way reflect the values of Sesame Workshop or Sesame Street, and no one at the organization was involved.”
The offensive messages were deleted within 30 minutes, but not before screenshots spread widely. According to reports, posts included slurs, antisemitic slogans, and political jabs related to Donald Trump and the Epstein case. The attacker remains unidentified.
Experts say high-visibility accounts are prime targets for attackers seeking to sow chaos rather than steal data. “Brute-force attacks make a lot of noise and can trigger alerts,” said Daniel Tobok, CEO of Cypfer. “It’s not the most popular strategy anymore because it’s so noisy.”
Tobok explained that breaches like this often originate from credential leaks. “A lot of credentials are harvested and sold on the dark web despite strong passwords or MFA barriers,” he said, noting that social media admins frequently reuse passwords or store them insecurely.
He warned that attackers can reroute account alerts to avoid detection. “There really isn’t public-facing software that notifies you,” he added, pointing out that executives often aren’t the ones managing accounts, leaving detection gaps.
The Elmo incident follows similar takeovers of high-profile social media pages and reinforces the need for organizations to audit admin access, rotate passwords, and use strong MFA protocols.
Parents concerned about inappropriate content from verified accounts may also consider content filtering tools or parental controls. Though the posts were swiftly removed, the hack damaged public trust in a brand associated with childhood safety.
