
Twitter hacker shakes up social networking site admin

Sophos : 04 May, 2009  (Technical Article)
A hacker has gained access to an admin account on the Twitter social networking site after guessing a secret question on Yahoo web mail.
IT security and control firm Sophos is advising that Twitter hardens its security as a French hacker claims he broke into Twitter's internal administration system, enabling him to access the accounts of millions of Twitter users - including Barack Obama, Britney Spears, Ashton Kutcher and Lily Allen.

The hacker - known as 'Hacker Croll' - claims that he was able to access Twitter's internal administration system after stealing a password from a staffer at the micro-blogging website. It is alleged that by resetting the employee's Yahoo password after guessing his 'secret question', Hacker Croll found the information about the staffer's Twitter login credentials.

The claims appear to be confirmed by screenshot images uploaded to a French blog, which give a glimpse into the micro-blogging site's admin panel, revealing that the likes of Kutcher and Allen have blocked other Twitter users, such as celebrity gossipmonger Perez Hilton, from contacting them. Amongst the private information accessible were the email addresses of compromised accounts, mobile phone numbers (if one was associated with the account), and the list of accounts blocked by the affected user.

'This is just the latest in a string of security issues at Twitter in recent months, and the website is surely in danger of losing the confidence of its users who will be rattled by yet another breach,' said Graham Cluley, senior technology consultant at Sophos. 'Just like with the recent Twitter worm outbreaks, this is not so much a case of Twitter raising awareness amongst its many users about sensible online security, but learning a few lessons itself. Careless security by the micro-blogging site could potentially put millions of Twitter users at risk.'

Sophos advises that Twitter's internal security could be improved if staff were forced to log in using authentication tokens that provide a randomly generated key upon login, meaning that even if a staffer's username and password are compromised, hackers would not be able to gain access.

'If a Twitter employee loses their password, it seems hackers can run riot on the site and cause all sorts of problems. By making staff adopt the kind of hardware authentication keys that many online banking customers now need to use to log in online, Twitter would make it far less likely that an attack like this could succeed,' explained Cluley. 'Let's not forget, although many will blame Twitter for not ensuring that its staff followed sensible policies to better secure critical administrator accounts, the real criminal here is Hacker Croll.'