Change Your Twitter Password… Now!


7 Jan 2009

Now that the identity of the hacker who caused some havoc on Twitter a couple of days ago is known and he’s admitted how easy it was for him to infiltrate the system, we can only hope that Twitter is working hard on beefing up security so this doesn’t happen again. This time it was mostly funny and the hackers posted tweets that for the most part no one would have believed anyway, but they could have done far worse and actually been quite malicious.

The original hacker — he had friends — who goes by the name GMZ, says he originally gained access to the account of a Twitter user he believed to be simply a popular user, but he later discovered that she was actually a staffer. He used an automated password guessing script he developed himself that tries dictionary words until it finds the one a person used as their password. The Twitter staffer — who I prefer not to name because I’m sure she’s getting enough grief already — used the word “happiness” for her password.

Once he had access to her account he had access to the administrative panel and was able to change the password of any Twitter account. The security hole that allowed the hacker to run his script is a flaw in the system that allows multiple quick-fire password guesses.
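The control that was missing here is a limit on failed logins. The sketch below is an added example, not Twitter's code or anything from the Wired article: `LoginThrottle`, `simulate_guessing`, the "staffer" account name and all thresholds are assumptions, and the plain string comparison stands in for a real password-hash check.

```python
import time

class LoginThrottle:
    """Per-account failed-login limiter with exponentially growing lockouts."""

    def __init__(self, max_failures=5, window=300.0, base_lockout=60.0,
                 max_lockout=3600.0, clock=time.monotonic):
        self.max_failures, self.window = max_failures, window
        self.base_lockout, self.max_lockout = base_lockout, max_lockout
        self.clock = clock
        self._failures = {}      # account -> timestamps of recent failures
        self._locked_until = {}  # account -> time the current lockout ends
        self._lockouts = {}      # account -> lockouts since last success

    def allowed(self, account):
        return self.clock() >= self._locked_until.get(account, 0.0)

    def record_failure(self, account):
        now = self.clock()
        recent = [t for t in self._failures.get(account, []) if now - t < self.window]
        recent.append(now)
        if len(recent) >= self.max_failures:
            n = self._lockouts.get(account, 0)
            # 60 s, 120 s, 240 s ... up to the cap, so the guess rate keeps falling
            self._locked_until[account] = now + min(self.base_lockout * 2 ** n, self.max_lockout)
            self._lockouts[account] = n + 1
            recent = []
        self._failures[account] = recent

    def record_success(self, account):
        for table in (self._failures, self._locked_until, self._lockouts):
            table.pop(account, None)

def simulate_guessing(words, real_password, gap=0.1, max_failures=5):
    """Replay one guess every `gap` seconds against a constructed account.
    Returns (password comparisons performed, whether the account fell)."""
    now = [0.0]  # fake clock so the run is instant and deterministic
    throttle = LoginThrottle(max_failures=max_failures, clock=lambda: now[0])
    checks = 0
    for guess in words:
        now[0] += gap
        if not throttle.allowed("staffer"):
            continue  # rejected before the password is ever compared
        checks += 1
        if guess == real_password:  # stand-in for a password-hash verification
            throttle.record_success("staffer")
            return checks, True
        throttle.record_failure("staffer")
    return checks, False
```

A per-account lockout on its own lets anyone lock the real owner out by failing on purpose, so in practice it is paired with per-source limits and a second factor for staff accounts.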

GMZ did not post the bogus tweets for all the accounts that were hacked, including Obama, Britney Spears, CNN, Huffington Post, and Rick Sanchez. Instead, he announced on a hacker forum that he had access and gave the information to five other hackers.

Twitter co-founder Biz Stone says that Twitter is looking into the situation and they are also waiting to hear from their attorney about what their responsibilities are and what to do next.

There are two things that any Twitter user should do immediately. First, change your passwords and make sure to use a combination of letters and numbers. DO NOT use a simple word. Second, stop giving your password out to all the Twitter apps that serve no real purpose anyway. If it’s not a service you actually find useful like TweetDeck and they require a password, think twice before using it.

For further details about the hacker and the actual steps he took, read this article on Wired. They even have a video he posted on YouTube showing his actual hack.

  • I agree but in this case I think Twitter needs to immediately create passwords for their staffers instead of letting them pick their own. It would also be a good idea to periodically rotate the passwords.
  • Anyone who uses simple words, or easily-guessed personal 'numbers', as passwords is, well, a simpleTON.

    The Wild Wild Web is like a frontier bar. There is a whole crew of dangerous characters, and if you give them a chance, they'll peek at your poker hand - your password(s) - they may even shoot you through the table - hack the **** out of your entire online presence.

    Caveat surfer, dude. And dude-ette.