Ooops! Twitter Learns a Lesson in Passwords

A few days ago GMZ (a hacker) helped himself to some high profile accounts on Twitter.:o Naughty, naughty hacker.:P This, however, is not the most amazing thing in the world, nor is it in itself that interesting; the interesting thing is how lax Twitter is with its password security. The way he gained control of these accounts was ridiculously simple.

  1. He found a highly active account on Twitter, which later turned out to be that of a Twitter employee who had access to ALL account passwords.
  2. He used an automated dictionary program that tries common English words as passwords. He ran the program all night, with no interference.

    Cracking the site was easy, because Twitter allowed an unlimited number of rapid-fire log-in attempts.

  3. The Twitter employee used a common English word (happiness) as a password.
  4. Once into the account, he could access the passwords of any account on Twitter.
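Step 2 only worked because there was nothing slowing the guesses down. Below is an added example (my own illustration, not Twitter's code) of the simplest fix on the server side: a per-account log-in throttle with exponential backoff, plus a constructed simulation that counts how many wrong guesses it admits in an hour compared with the unlimited rapid-fire attempts described above. The account name, timings and limits are assumptions.

```python
# Added example, not Twitter's code: a per-account log-in throttle with
# exponential backoff, plus a constructed simulation of how many guesses it
# admits in an hour versus the unlimited rapid-fire attempts the post describes.
from dataclasses import dataclass

@dataclass
class AccountState:
    failures: int = 0      # consecutive failed log-ins for this account
    locked_until: int = 0  # ms timestamp before which attempts are refused

class LoginThrottle:
    """The first `free_attempts` failures cost nothing (typos happen); each
    further failure doubles the wait, capped at `max_delay_ms` so a stream of
    wrong guesses cannot lock the real owner out indefinitely."""

    def __init__(self, free_attempts=3, base_delay_ms=1000, max_delay_ms=900_000):
        self.free_attempts = free_attempts
        self.base_delay_ms = base_delay_ms
        self.max_delay_ms = max_delay_ms
        self._state = {}

    def _get(self, account):
        return self._state.setdefault(account, AccountState())

    def is_allowed(self, account, now_ms):
        return now_ms >= self._get(account).locked_until

    def record_failure(self, account, now_ms):
        # Register a wrong password; returns ms until the next attempt is allowed.
        st = self._get(account)
        st.failures += 1
        extra = st.failures - self.free_attempts
        if extra > 0:
            delay = min(self.base_delay_ms * 2 ** (extra - 1), self.max_delay_ms)
            st.locked_until = now_ms + delay
        return max(0, st.locked_until - now_ms)

    def record_success(self, account):
        self._state.pop(account, None)  # a correct log-in resets the backoff

def admitted_guesses(throttle, account, interval_ms, duration_ms):
    """Constructed worst case for the defender: every guess is wrong and one
    arrives every interval_ms for duration_ms. Returns how many get through."""
    admitted = 0
    for now in range(0, duration_ms, interval_ms):
        if throttle.is_allowed(account, now):
            admitted += 1
            throttle.record_failure(account, now)
    return admitted
```

With one guess every 10 ms, an unthrottled account takes 360,000 guesses in an hour; with the defaults above it takes 16, so an overnight run gets through a few dozen words rather than a whole dictionary. Per-account throttling should be paired with a per-source limit, since a cap alone can be abused to keep the real owner locked out.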

GMZ says he didn’t post on the hacked accounts, but gave away the information to forum members who did.

President-Elect Barack Obama was among the most popular requests from Digital Gangster denizens, with around 20 members asking for access to the election campaign account. After resetting the password for the account, he gave the credentials to five people.

He also filled requests for access to Britney Spears’ account, as well as the official feeds for Facebook, CBS News, Fox News and the accounts of CNN correspondent Rick Sanchez and Digg founder Kevin Rose. Other targets included additional news outlets and other celebrities. Fox won the hacker popularity contest, beating out even Obama and Spears. According to Twitter, 33 high-profile accounts were compromised in all.

You can see some of the chaos in these screenshots.

Okay, so not my usual bouncy and unique view of an article, but I would really like to hear what you have to say about this one. I’m sure some of you have an opinion or comment on this, so don’t be shy. Share it with the world! :D

