Saturday, May 2, 2009

Twitter Confirms Security Breach

Via H-Online -

Twitter has now confirmed that there was unauthorised access to its administration interface. The French blog Korben has published screen-shots which show details of the accounts belonging to Ashton Kutcher, Lily Allen, Britney Spears and Barack Obama.

The details shown in the screen-shots relate to access statistics, email addresses and block lists, but do not appear to include passwords. According to Sophos' Graham Cluley, the attacker gained access to the administration system by guessing the "secret question" for a Twitter employee's Yahoo mail account, allowing them to reset the password. They then found the login credentials for that employee's Twitter account in the email.

Twitter said that, after reviewing the incident, only ten individual accounts were displayed and that no passwords were changed or personal direct messages viewed. It says it will now be conducting an "independent security audit of all internal systems" and plans to implement "additional anti intrusion measures".
