Hacker: I broke into Twitter
For the second time this year, a hacker has gained administrative access to a Twitter employee's account.
On Wednesday, an anonymous hacker going by the name of Hacker Croll posted 13 screenshots to a French online discussion forum, apparently captured while logged into the Twitter account of Jason Goldman, a director of product management with Twitter.
Twitter cofounder Biz Stone confirmed the breach in a blog post Thursday afternoon. "This week, unauthorized access to Twitter was gained by an outside party," he wrote. "Our initial security reviews and investigations indicate that no account information was altered or removed in any way. However, we discovered that 10 individual accounts were viewed during this unauthorized access."
According to the screenshots, Hacker Croll was able to access account information belonging to high-profile Twitter users such as Britney Spears and Ashton Kutcher. He could also do things such as add or remove featured users, who are suggested to new Twitter members when they sign up.
The hacker may have been able to access information such as e-mail addresses, mobile-phone numbers and a list of the accounts blocked by these users, Stone wrote. "We have personally contacted Twitter users whose accounts were compromised via this unauthorized access," he said.
Hacker Croll claimed to have accessed Goldman's Twitter password by first gaining access to his Yahoo account. "One of the admins has a yahoo account, i've reset the password by answering to the secret question. Then, in the mailbox, i have found her [sic] twitter password," Hacker Croll said Wednesday in a posting to an online discussion forum. "I've used social engineering only, no exploit, no xss vulnerability, no backdoor, np sql injection."
On Monday, Goldman sent a Twitter message saying that his Yahoo mail account had been hacked.
Twitter has had a rash of security problems this year.
In January, another hacker going by the name of GMZ said he was able to gain access to an administrative account by guessing the password of a Twitter support staffer, according to a Wired report. The password was reportedly an easy-to-guess word: happiness.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
On Twitter now
Brian Proffitt
Microsoft/Novell: Breaking Down the Coupon Numbers
Esther Schindler
Drupal's Dries Buytaert on Building the Next Drupal
Tom Henderson
Top Ten General Operating Systems Rants
pasmith
PS3 motion controller delayed; goes up against Project Natal
sjvn
Neolithic Windows security hole alive and well in Windows 7
claird
Perl source code comparison makes for good reading
mikelgan
Cell phones don't create stress or interrupt much
Sandra Henry-Stocker
How to: The Unix Interview
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
- Ubuntu advances: Why Ubuntu server installations will surge in 2010
- Social media marketing: How to make friends with benefits
- More...
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
This leaves two questions
When is Yahoo going to get rid of the stock security questions? This is not the first time someone has hacked a Yahoo Mail account.Two why was someone with such high security access using something as unsecure as Yahoo Mail?