Twitter hacked via weak passwords to admin system

"A teenage hacker, known in the digital underground as GMZ, claims he
obtained access to the micro-blogging site’s admin controls using a
brute force dictionary attack. After guessing the login identity of an
administrator, in part based on the large number of people she
followed, GMZ ran an automated password guessing program overnight to
reveal that 'Crystal' used the eminently guessable password of
"happiness". The 18-year-old student then used these details to offer
up access to Twitter accounts on request through Digital Gangster, an
underground hacker forum, Wired reports.

The move enabled griefers to break into the Twitter feeds of the
likes of Britney Spears, Fox News and US President-Elect Barack Obama
on Monday to push out bogus messages. GMZ sat on the sidelines during
this attack because he had failed to use a proxy during his password
cracking attack, making him more at risk of identification.

The man behind the mischief offered an instant message interview with Wired
after other hackers implicated him in the attack. GMZ backed up the
story that he broke into Twitter's admin system by offering a video of
the initial attack, which has since been published on YouTube." – Thereg

Read more: http://www.theregister.co.uk/2009/01/07/twitter_hack_explained/