Twitter: Britney, Barack, Rick and Fox News weren't phished - they were hacked

Filed Under: Social networks, Twitter

Britney Spears

The guys at Twitter have posted more information on their website about the high profile accounts (belonging to the likes of Britney Spears, Barack Obama, Fox News, CNN's Rick Sanchez and others) that were compromised on their website today.

Fascinatingly, Twitter claims that these accounts were not broken into as a result of the widespread phishing attack that has taken place on Twitter over the last couple of days, but instead were the result of Twitter's own systems being compromised by hackers.

As a result, tools that normally only Twitter's technical support team can use to help locked-out members reset their email address were accessed by hackers, enabling them to steal control of the high profile accounts from their rightful owners.

As a result, Britney Spears's Twitter stream made claims about a sensitive part of her anatomy, Rick Sanchez's Twitter entry declared that he was high on crack, and Fox News appeared to published breaking news that Bill O'Reilly was gay.

This is actually much more serious than these people and organisations falling for a simple phishing attack. It appears that Twitter's systems were potentially exposing everybody's account to the danger of being taken over by hackers - it's just that they chose some 33 high profile accounts to abuse with their defacements.

Here's part of the statement from Twitter co-founder Biz Stone:

These accounts were compromised by an individual who hacked into some of the tools our support team uses to help people do things like edit the email address associated with their Twitter account when they can't remember or get stuck. We considered this a very serious breach of security and immediately took the support tools offline. We'll put them back only when they're safe and secure.

What is still unclear is whether the person who hacked the accounts was an external hacker, or someone inside the Twitter organisation.

Twitter seem convinced that it was an individual rather than a gang of criminals, so it may be that they have identified the person responsible. If so, they may choose to involve the authorities to see justice done for what was both a cruel and criminal act.

Whether the full details of what actually happened are ever revealed remains to be seen. But one thing is for certain: Twitter has had an appalling start to 2009 from the security point of view.

So what of Britney herself? Well, there's been no word from the singing sensation - but someone who claims to be her Social Media Director did post a message on the Rolling Stone website apologising for any offence caused by the vulgar message:

Message on Rolling Stone website

, , , ,

You might like

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.