Hacker steals Twitter admin password


Cliff Saran

Twitter's security was thrown into doubt as details emerged of how a French hacker obtained access to a Twitter staff account, allowing him to view user accounts on the micro-blogging site.

The hacker, known as "Hacker Croll", claimed that he was able to access Twitter's internal administration system after stealing a password from a member of staff. By resetting the employee's Yahoo password after guessing the "secret question", Hacker Croll claimed he found information about the staffer's Twitter login credentials.

The lapse in security raises questions about how secure Twitter really is. Last month, security researchers at Secure Science developed a proof-of-concept worm that uses a cross-site scripting flaw on Twitter. And over Easter, a teenage hacker attacked the site four times with a worm.

"If a Twitter employee loses their password, it seems hackers can run riot on the site and cause all sorts of problems. By making staff adopt the kind of hardware authentication keys that many online banking customers now need to use to log in online, Twitter would make an attack like this less likely to succeed," said Graham Cluley, senior technology consultant at Sophos.
