Twitter Employee Account Hijacked - InformationWeek


4/30/2009
07:10 PM

Twitter Employee Account Hijacked

A security breach of a Yahoo Mail account let one hacker peer at info about Barack Obama, Britney Spears, and others.

Another Twitter administrative account has been compromised, apparently as a result of the same weakness in the Yahoo Mail password-recovery system that allowed someone to hijack Alaska Gov. Sarah Palin's e-mail account last year.

Three days ago, Jason Goldman, a product manager at Twitter, posted that his Yahoo Mail account had been hacked.

On Wednesday evening, someone going by the name "Hacker Croll" posted 13 screenshots of Twitter's administrative console to several Web sites. One screenshot shows administrative information about Barack Obama's Twitter account. Another shows information about Britney Spears' account.

Over several posts, "Croll" explains that one of Twitter's administrators has a Yahoo account and that Croll reset its password by answering the secret question. Croll adds that the mailbox contained a message with the Twitter account's password.

A Twitter spokesperson did not immediately respond to an e-mailed request to confirm that Goldman's account was compromised. Calls to the company headquarters in San Francisco went unanswered.

A blog post Thursday by Twitter co-founder Biz Stone states that this week someone did gain access to Twitter. The company's initial security review found no indication that any account information was altered, but 10 Twitter accounts were viewed during this breach. Presumably, this could only be done through an administrative account, but the blog post doesn't elaborate on the nature of the breach.

"Personal information that may have been viewed on these 10 individual accounts includes e-mail address, mobile phone number (if one was associated with the account), and the list of accounts blocked by that user," explained Stone. "We have personally contacted Twitter users whose accounts were compromised via this unauthorized access."

Twitter, he said, plans to conduct an independent security audit of its internal systems and to deploy additional anti-intrusion measures.

Similar promises were made following security incidents at Twitter earlier this year. In January, 33 Twitter accounts associated with celebrities were hacked through a brute-force password attack. In March, about 750 Twitter accounts were hacked and used to send spam. Two weeks ago, a computer worm hit Twitter in several separate attacks, generating almost 10,000 spam tweets and compromising at least 190 accounts.

In an e-mail earlier this month, the administrator of StalkDaily.com, going by the name "Mikeyy," took credit for the worm attack as a way to drive traffic to his site.

Coincidentally, Croll also posted a screenshot of an internal analysis of Twitter's last high-profile security incident, the Mikeyy Worm Attack.

