Is Your Twitter Account Safe?

Last May a hacker called Hacker Croll hacked a twitter admin account and quickly posted 13 screenshots of the twitter admin panel on a French message board. This included admin screenshots of celebrity accounts like Barack Obama and Ashton Kutcher. This isn’t he first time Twitter has been hacked and likely will not be the last.

How did Hacker Croll hack the Twitter admin account? You may remember that late last year Republican vice presidential candidate Sarah Palin’s Yahoo mail account hacked. The twitter admin account was hacked just the same way. Yahoo clearly has some Internet security issues with their so-called security questions.

It’s been quiet for Twitter since the hacker posted screenshots last May until now. On Tuesday, TechCrunch said it received a compressed file containing 310 documents. TechCrunch Editor, Michael Arrington, said they documents were mildly embarrassing but not otherwise noteworthy. A few, however, did contain sensitive information such as mobile phone numbers and security passcodes. Twitter founder Evan Williams has reportedly confirmed the authenticity of the documents.

Now the hacker is claiming he was able to compromise the Twitter accounts of founder Evan Williams, his wife and several employees. With the information he obtained he was also able to gain access to Williams Paypal, Amazon, Apple, AT&T, MobileMe and Gmail account among other things.
Williams has confirmed the attack but assures all Twitter users that accounts are safe and uncompromised.

Yes, we did suffer an attack a few weeks ago and are familiar with this list of stuff. This is unrelated to the hack of twitter where someone gained access to user’s accounts. This had nothing to do with the security of, and there were no user accounts compromised here.
Some notes:

– He did not actually gain access to my @ev Twitter account (or any Twitter accounts) nor any administrative functions of the site.
– There is also no evidence that he gained access to my email. There was one administrative employee who’s email was compromised, as was my wife’s Gmail account, which is where he got access to some of my credit cards and other information.
– He also successfully targeted a couple other employees personal accounts (Amazon, AT&T, Paypal…)

In general, most of the sensitive information was personal rather than company-related. Obviously, this was highly distressing to myself, my wife, and other Twitter employees who were attacked. It was a good lesson for us that we are being targeted because we work for Twitter. We have taken extra steps to increase our security, but we know we can never be entirely comfortable with what we share via email.

TomSoft also received sensitive documents from Hacker Croll. Who explained his side of the story and reasoning behind the hack.

What I would like to say is that even the biggest and the strongest do silly things without realizing it and I hope that my action will help them to realize that nobody is safe on the net. If I did this it’s to educate those people who feel more secure than simple Internet novices.And security starts with simple things like secret questions because many people don’t realise the impact of these question on their life if somebody is able to crack them.

Unfortunately, we’ll never 100% security for personal data especially for those of us using the internet actively. However, we can take steps to prevent personal and private information from being distributed round the internet such as changing our passwords often and using tougher security question answers.


Leave a Reply