The hacker, known as "Hacker Croll", claimed that he was able to access Twitter's internal administration system after stealing a password from a member of staff. By resetting the employee's Yahoo password after guessing the "secret question", Hacker Croll claimed he found information about the staffer's Twitter login credentials.
The lapse in security raises questions about how secure Twitter really is. Last month, security researchers at Secure Science developed a proof-of-concept worm that uses a cross-site scripting flaw on Twitter. And over Easter, a teenage hacker attacked the site four times with a worm.
"If a Twitter employee loses their password, it seems hackers can run riot on the site and cause all sorts of problems. By making staff adopt the kind of hardware authentication keys that many online banking customers now need to use to log in online, Twitter would make an attack like this less likely to succeed," said Graham Cluley, senior technology consultant at Sophos.