« CheckFree warns 5 million customers after DNS hack | Main | Sacked Croydon hacker spied on former colleagues' e-mails »

Twitter hacked via weak passwords to admin system

"A teenage hacker, known in the digital underground as GMZ, claims he obtained access to the micro-blogging site’s admin controls using a brute force dictionary attack. After guessing the login identity of an administrator, in part based on the large number of people she followed, GMZ ran an automated password guessing program overnight to reveal that 'Crystal' used the eminently guessable password of "happiness". The 18-year-old student then used these details to offer up access to Twitter accounts on request through Digital Gangster, an underground hacker forum, Wired reports.

The move enabled griefers to break into the Twitter feeds of the likes of Britney Spears, Fox News and US President-Elect Barack Obama on Monday to push out bogus messages. GMZ sat on the sidelines during this attack because he had failed to use a proxy during his password cracking attack, making him more at risk of identification.

The man behind the mischief offered a instant message interview with Wired after other hackers implicated him in the attack. GMZ backed up the story that he broke into Twitter's admin system by offering a video of the initial attack, which has since been published on YouTube." - Thereg

Read more: http://www.theregister.co.uk/2009/01/07/twitter_hack_explained/


Feed You can follow this conversation by subscribing to the comment feed for this post.

All Comments are Moderated and will be delayed!

did the Twitter Admin change his password to "sadness" after he was hacked? haha... ok not funny

Lets hope

a. they moved the sysadmin interface to intranet only
b. they learned what password policies are
c. for their sake they don't get pwned again :)