Hackers have taken control of a number of celebrity accounts on micro-blogging site Twitter, including those belonging to US president-elect Barack Obama and pop princess Britney Spears, says Sophos.
The security firm said hackers got their hands on tools used by Twitter's technical team to reset the email addresses assigned to certain accounts. They then proceeded to take control of 33 celebrity accounts, before leaving offensive or embarrassing messages.
This attack follows a phishing scam that duped members of the micro-blogging service into following a link to a fake Twitter homepage. Hackers were using the fake website in a bid to steal logins and passwords. Actor Stephen Fry was among the Twitter users caught out by the scam.
"This latest attack is actually much more serious than these people and organisations falling for a simple phishing attack. It appears that Twitter's systems were potentially exposing everybody's account to the danger of being taken over by hackers - this breach could actually have been much more serious and affected many more of Twitter's users," said Graham Cluley, senior technology consultant at Sophos.
"Twitter needs to take a long hard look at its security to ensure that this never happens again, and regain the confidence of its members. This shocking start to the year for Twitter should send a stark warning to any online company holding details of its users that it needs to make certain it has proper security in place to prevent illegitimate access."