New Twitter hack as director's account targeted

A hacker has gained administrative access to a Twitter employee's account, for the second time this year.

Share

A hacker has gained administrative access to a Twitter employee's account, for the second time this year.

An anonymous hacker going by the name of Hacker Croll posted 13 screen shots to a French online discussion forum, apparently captured while logged into the Twitter account of Jason Goldman, a director of product management with Twitter.

Twitter chief executive Biz Stone confirmed the breach in a blog post on Thursday. "This week, unauthorised access to Twitter was gained by an outside party," he wrote.

"Our initial security reviews and investigations indicate that no account information was altered or removed in any way. However, we discovered that 10 individual accounts were viewed during this unauthorised access."

According to the screen shots, Hacker Croll was able to access account information belonging to high-profile Twitter users such as Britney Spears. He could also do things such as add or remove featured users, who are suggested to new Twitter members when they sign up.

The hacker may have been able to access information such as email addresses, mobile-phone numbers and a list of the accounts blocked by these users, Stone wrote. "We have personally contacted Twitter users whose accounts were compromised via this unauthorized access," he said.

Hacker Croll claimed to have accessed Goldman's Twitter password by first gaining access to his Yahoo account. "One of the admins has a yahoo account, i've reset the password by answering to the secret question. Then, in the mailbox, i have found her [sic] twitter password," Hacker Croll said on Wednesday in a posting to an online discussion forum. "I've used social engineering only, no exploit, no xss vulnerability, no backdoor, np sql injection."

On Monday, Goldman sent a Twitter message saying that his Yahoo mail account had been hacked.

Twitter has had a rash of security problems this year.

"Recommended For You"

Security researchers ponder possible Palin hacks Namecheap says accounts compromised in hacking incident