Twitter’s Admin Password Was ‘Happiness’ … No Seriously
Over the past week, an 18 year old hacker got into Twitter’s internal administrative area. After penetrating the system, he wrote funny Twitter messages (“tweets”) at the expense of FOX News, Britney Spears, Barack Obama, etc. The way he was able to get into Twitter’s admin area was by using an automated password guesser. Twitter’s admin login on their server allowed rapid log-in attempts. Eventually the password that worked was “happiness.”
“I feel it’s another case of administrators not putting forth effort toward one of the most obvious and overused security flaws,” wrote the hacker in an IM interview with Wired. “I’m sure they find it difficult to admit it.” The 18 year old lives on the East Coast and goes by the alias of GMZ. Other hackers helped him with the attack. The hacker used a dictionary password attack against a popular Twitter user named Crystal who has over 7,000 followers. It turned out that Crystal was a Twitter staff member and he had the ability to access any other Twitter account by reseting them within the admin area.
After getting within the admin area, the hacker wrote a post on Digital Gangster, a forum for hackers offering access to anyone’s Twitter account by request. Below is a video that he created to prove to other hackers that he was able to break into Twitter. Hackers wanted access to the profiles of Barack Obama, Britney Spears, Rick Sanchez, Kevin Rose, and FOX News.
“We’re waiting to hear back from our lawyer about what our responsibilities are about this and how to approach it,” stated Twitter founder Biz Stone in a phone interview with Wired. Law enforcements have not been contacted as of yet.
GMZ also used a dictionary attack to break into the Miley Cyrus YouTube channel. GMZ’s friend used the hack to make people believe that Cyrus was killed in a car accident. GMZ also mentioned that the dictionary attack was used to break into the SayNow accounts of Selena Gomez and several other celebrities.
[via Wired]This article was written by Amit Chowdhry. You can follow me at @amitchowdhry or on Google+ at +AmitChowdhry