French hacker gains access to Twitter's admin panel

UPDATE2: Twitter confirms the unauthorized access.UPDATE: The Twitter admin hack appears to be the result of a successful social engineering attack against one of Twitter's employees -- similar attack took place in January this year.

UPDATE2: Twitter confirms the unauthorized access.

UPDATE: The Twitter admin hack appears to be the result of a successful social engineering attack against one of Twitter's employees -- similar attack took place in January this year. Here's a retrospective of the events that took place.

Yesterday, a French hacker claimed to have gained access to Twitter's administration panel, and based on the screen shots that he included featuring internal data for accounts belonging to U.S President Barack Obama, Britney Spears, Ashton Kutcher, and Lily Allen, as well as a detailed overview of different sections behind the scenes of Twitter, his claims seem pretty legitimate.

The hacker going under the handle of Hacker Croll featured 13 screenshots of Twitter's admin panel, and commented that "The images were taken from the Admin area that was secured with .htaccess." It's still unclear whether any data belonging to account holders was modified, but one has to assume that given the access obtained, there's a high chance that he was able to download anything he wanted to.

The attack comes two weeks after multiple variants of Mickeyy's XSS worm hit the continuously growing micro-blogging service.

UPDATE: The screenshots were obtained through the account of a Twitter employee who reported that his Yahoo! Mail account got compromised on the 27th - "Wow - my Yahoo mail account was just hacked."; "If anyone with Yahoo! Security is out there, hit me up with an reply".

Interestingly, Hacker Croll goes into more details regarding the compromise on a different forum - "one of the admins has a yahoo account, i've reset the password by answering to the secret question. Then, in the mailbox, i have found her twitter password." and that he "used social engineering only, no exploit, no xss vulnerability, no backdoor, no sql injection".

Similar password reset attack contributed to the successful hacking of Sarah Palin's personal email account in September last year.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All