Twitter's network gets breached again
For the second time this year, someone has broken into Twitter's internal admin system and accessed accounts.
Twitter has confirmed that someone broke into its network and gained access to 10 accounts, which appear to include Britney Spears and Ashton Kutcher, according to screenshots posted on a French blog site.
"Our initial security reviews and investigations indicate that no account information was altered or removed in any way," Twitter co-founder Biz Stone wrote in a blog post Thursday afternoon.
"Personal information that may have been viewed on these 10 individual accounts includes email address, mobile phone number (if one was associated with the account), and the list of accounts blocked by that user," the posting said. "Password information was not revealed or altered, nor were personal messages (direct messages) viewed."
Stone did not respond to an e-mail seeking comment.
Someone using the alias "Hacker Croll" claims to have gotten access to a Twitter administrator's Twitter password by guessing the secret question to reset the administrator's password on a Yahoo e-mail account where the Twitter password was located, according to a post in the Warez Scene forum.
The 13 screenshots posted on the Korben blog and another site include not only what looks like admin pages for the celebrities' accounts, but also a page of blacklisted users and other administrative-type pages.
Sure enough, Twitter employee Jason Goldman tweeted on Monday that his Yahoo e-mail account had gotten hacked, IDG News Service discovered.
This isn't the first time Twitter's network has been breached. In January, someone hacked into the Twitter internal network and gained access to the Twitter accounts of President Obama, CNN anchor Rick Sanchez, and 31 other high-profile Twitterers. Wired later revealed that the hacker used an automated password guesser to figure out the Twitter administrator's password, which was "happiness."
The popular microblogging site has had more than its share of security challenges lately. It had to clean up after a series of worms spread quickly and modified user profiles a few weeks ago, as well as fight off an attack that hijacked accounts in March, and battle "clickjacking" attacks in February.