Twitter's network gets breached again

For the second time this year, someone has broken into Twitter's internal admin system and accessed accounts.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
Elinor Mills
2 min read

Twitter has confirmed that someone broke into its network and gained access to 10 accounts, which appear to include Britney Spears and Ashton Kutcher, according to screenshots posted on a French blog site.

"Our initial security reviews and investigations indicate that no account information was altered or removed in any way," Twitter co-founder Biz Stone wrote in a blog post Thursday afternoon.

"Personal information that may have been viewed on these 10 individual accounts includes email address, mobile phone number (if one was associated with the account), and the list of accounts blocked by that user," the posting said. "Password information was not revealed or altered, nor were personal messages (direct messages) viewed."

Stone did not respond to an e-mail seeking comment.

Someone using the alias "Hacker Croll" claims to have gotten access to a Twitter administrator's Twitter password by guessing the secret question to reset the administrator's password on a Yahoo e-mail account where the Twitter password was located, according to a post in the Warez Scene forum.

The 13 screenshots posted on the Korben blog and another site include not only what looks like admin pages for the celebrities' accounts, but also a page of blacklisted users and other administrative-type pages.

Sure enough, Twitter employee Jason Goldman tweeted on Monday that his Yahoo e-mail account had gotten hacked, IDG News Service discovered.

This isn't the first time Twitter's network has been breached. In January, someone hacked into the Twitter internal network and gained access to the Twitter accounts of President Obama, CNN anchor Rick Sanchez, and 31 other high-profile Twitterers. Wired later revealed that the hacker used an automated password guesser to figure out the Twitter administrator's password, which was "happiness."

The popular microblogging site has had more than its share of security challenges lately. It had to clean up after a series of worms spread quickly and modified user profiles a few weeks ago, as well as fight off an attack that hijacked accounts in March, and battle "clickjacking" attacks in February.

This screenshot shows what appears to be an administrator view of Britney Spears' Twitter account. This and 12 other screenshots were posted on the Internet by a hacker claiming to have gained access to the Twitter system by getting a Twitter administrator's password from his Yahoo e-mail account after breaking into that. Korben