4/30/2009
07:10 PM

Twitter Employee Account Hijacked

A security breach of a Yahoo Mail account let one hacker peer at info about Barack Obama, Britney Spears, and others.

Another Twitter administrative account has been compromised, apparently as a result of the same weakness in the Yahoo Mail password-recovery system that allowed someone to hijack Alaska Gov. Sarah Palin's e-mail account last year.

Three days ago, Jason Goldman, a product manager at Twitter, posted that his Yahoo Mail account had been hacked.

On Wednesday evening, someone going by the name "Hacker Croll" posted 13 screenshots of Twitter's administrative console at several Web sites. One screenshot shows administrative information about Barack Obama's Twitter account. Another shows information about Britney Spears' account.

Over several posts, "Croll" explains that one of Twitter's administrators has a Yahoo account and that he or she reset the password by answering the secret question. Croll adds that the mailbox contained a message with the Twitter account's password.

A Twitter spokesperson did not immediately respond to an e-mailed request to confirm that Goldman's account was compromised. Calls to the company headquarters in San Francisco went unanswered.

A blog post Thursday by Twitter co-founder Biz Stone states that this week someone did gain access to Twitter. The company's initial security review found no indication that any account information was altered, but 10 Twitter accounts were viewed during this breach. Presumably, this could only be done through an administrative account, but the blog post doesn't elaborate on the nature of the breach.

"Personal information that may have been viewed on these 10 individual accounts includes e-mail address, mobile phone number (if one was associated with the account), and the list of accounts blocked by that user," explained Stone. "We have personally contacted Twitter users whose accounts were compromised via this unauthorized access."

Twitter, he said, plans to conduct an independent security audit of its internal systems and to deploy additional anti-intrusion measures.

Similar promises were made following security incidents at Twitter earlier this year. In January, 33 Twitter accounts associated with celebrities were hacked through a brute-force password attack. In March, about 750 Twitter accounts were hacked and used to send spam. Two weeks ago, a computer worm hit Twitter in several separate attacks, generating almost 10,000 spam tweets and compromising at least 190 accounts.

In an e-mail earlier this month, the administrator of StalkDaily.com, going by the name "Mikeyy," took credit for the worm attack as a way to drive traffic to his site.

Coincidentally, Croll also posted a screenshot of an internal analysis of Twitter's last high-profile security incident, the Mikeyy Worm Attack.

