Sophos: Celebrity Twitter account hacks raise serious security questions
January 2009 by Sophos
Break-in at accounts of Britney Spears and Barack Obama more worrying than widespread phishing scam which troubled Twitter users. Sophos believes that the embarrassing defacements of celebrity Twitter accounts yesterday demonstrate a worrying security problem for the micro-blogging service Twitter.
Tools that normally only Twitter’s technical support team can use to help locked-out members reset their email address were accessed by hackers, enabling them to steal control of the accounts from their rightful famous owners.
Hackers have targeted the accounts of 33 high-profile users with the latest attack, including Britney Spears, American news presenter Rick Sanchez, and president-elect Barack Obama. The message walls of the affected accounts were defaced with offensive or embarrassing messages, which have now been removed by Twitter staff.
This security breach follows news that several Twitter members have recently fallen victim to phishing attacks which saw cybercriminals seize control of user accounts and use them to send spam messages throughout the Twitter community.
"This latest attack is actually much more serious than these people and organisations falling for a simple phishing attack. It appears that Twitter’s systems were potentially exposing everybody’s account to the danger of being taken over by hackers - this breach could actually have been much more serious and affected many more of Twitter’s users," said Graham Cluley, senior technology consultant at Sophos. "Twitter needs to take a long hard look at its security to ensure that this never happens again, and regain the confidence of its members. This shocking start to the year for Twitter should send a stark warning to any online company holding details of its users that it needs to make certain it has proper security in place to prevent illegitimate access."