
Hacker steals Twitter admin password

Twitter's security was thrown into doubt as details emerged of how a French hacker obtained access to a Twitter staff account, allowing him to view user accounts on the micro-blogging site.

The hacker, known as "Hacker Croll", claimed that he was able to access Twitter's internal administration system after stealing a password from a member of staff. Hacker Croll claimed that, by resetting the employee's Yahoo password after guessing the "secret question", he found information about the staffer's Twitter login credentials.

The lapse in security raises questions about how secure Twitter really is. Last month, security researchers at Secure Science developed a proof-of-concept worm that uses a cross-site scripting flaw on Twitter. And over Easter, a teenage hacker attacked the site four times with a worm.

"If a Twitter employee loses their password, it seems hackers can run riot on the site and cause all sorts of problems. By making staff adopt the kind of hardware authentication keys that many online banking customers now need to use to log in online, Twitter would make an attack like this less likely to succeed," said Graham Cluley, senior technology consultant at Sophos.

