Thursday, April 30, 2009

Yet Another Case of Bad Password Management: Twitter Employee Account Hijacked

Thomas Claburn writes on InformationWeek:

Another Twitter administrative account has been compromised, apparently as a result of the same weakness in the Yahoo Mail password-recovery system that allowed someone to hijack Alaska Gov. Sarah Palin's e-mail account last year.

Three days ago, Jason Goldman, a product manager at Twitter, posted that his Yahoo Mail account had been hacked.

On Wednesday evening, someone going by the name "Hacker Croll" posted 13 screenshots of Twitter's administrative console at several Web sites. One screenshot shows administrative information about Barack Obama's Twitter account. Another shows information about Britney Spears' account.

Over several posts, "Croll" explains that one of Twitter's administrators has a Yahoo account and that he or she reset the password by answering the secret question. Croll adds that the mailbox contained a message with the Twitter account's password.

A Twitter spokesperson did not immediately respond to an e-mailed request to confirm that Goldman's account was compromised. Calls to the company headquarters in San Francisco went unanswered.

More here.

