Twitter Hacked!

July 14th, 2009

This is a translation of an article published in French, on the Korben.info website


I was contacted yesterday by the guy who hacked Twitter. His pseudonym is Hacker Croll (here is the initial reference to Hacker Croll, but in French), and he explained to me that he was able to access the various email boxes of Twitter employees, including those of Evan Williams and his wife. This gave him access to a number of astonishing pieces of information.

He had access to the PayPal, Amazon, Apple, AT&T, MobileMe and Gmail accounts of Evan Williams, Sara Morishige Williams, Margaret Utgoff and Kevin Thau (Twitter employees).

Here are the snapshots that the hacker sent to me:


He was able to access the registrar information of the Twitter domain name, and he could have redirected the Twitter domain name to any other IP address (or simply stolen the domain name).


But the most incredible thing was the quantity of internal information that he was able to get on Twitter:

  • the complete list of employees
  • their food preferences
  • their credit card numbers
  • some confidential contracts with Nokia, Samsung, Dell, AOL, Microsoft and others
  • direct emails with web and showbiz personalities
  • phone numbers
  • meeting reports (very informative)
  • internal document templates
  • time sheets
  • applicant resumes
  • salary grid (time for me to move..lol)

But amongst all this information, you can see some funny things like:

  • the “possible” launch of a reality TV show where contestants will go across the USA and will win contests thanks to their followers, with a 100 000$ prize at the end (but for a nonprofit organization)
  • Some growth predictions that target 25 million users at the end of 2009, 100 million at the end of 2010, 350 million at the end of 2010… with revenue that I will not disclose here…
  • A list of new star accounts like Wyclef Jean, Duran Duran, Cartoon Network, Cisco, UCLA, Guillaume Pepy (CEO of one of the biggest French companies, the SNCF), Nirvana, Toshiba, 50 Cent, etc.


  • The plan of their new offices with a list of wishes from the employees, who would like a sleeping room, a playing room, plants, a chef, a meditation room, a bicycle room, adjustable desks, a sport room, a washer/dryer, wifi, lockers, a wine cellar, an aquarium and others… They seem to have imagination…


  • We also learn their ideas about Twitter monetization… Of course, we’ve got certified accounts, but also advertising with the ability to put an AdSense widget, or sponsored tweets. Twitter also wishes to be the first service to reach a billion users (which is highly probable). They defined themselves more as a “nervous system” than an alert system.
  • We also learn that the French president will soon use Twitter (@NicolasSarkozy) and that Nicolas Princen will be the one doing it.
  • And we’ve also got some “tests” of t-shirt and cap designs


So Twitter has been visited by this hacker. Since then, everything is back to normal thanks to security recommendations: passwords have been changed. The information given by Hacker Croll is from the beginning of May, but is still very instructive. In his mail, Hacker Croll explains the things to learn from this misadventure:

What I would like to say is that even the biggest and the strongest do silly things without realizing it and I hope that my action will help them to realize that nobody is safe on the net. If I did this it’s to educate those people who feel more secure than simple Internet novices. And security starts with simple things like secret questions because many people don’t realise the impact of these questions on their life if somebody is able to crack them.

As for me, I’ve put here only the information that is not against Twitter because I am a big fan of the work of Evan and his team. I’ve just relayed some of Hacker Croll’s information, and what I can tell the Twitter team is that this hacker seems to have a code of conduct which will not cause any harm to the company.

Now, clearly, we see from this hacking demonstration that it’s very easy to guess a simple password from a secret question, and from this to enter into other accounts (Facebook, Gmail and others), and from there to enter the heart of a company, both by accessing confidential data and by paralyzing the business simply by getting hold of a few domain names or admin accounts.

So, don’t stop being paranoid. Don’t use secret questions, use a different password for each of your accounts, don’t put sensitive documents online, etc… In short, be careful.


27 Comments

  • 1. Twitter’s @Ev Confi…  |  July 15th, 2009 at 12:41 am

    [...] Back in May, Twitter was hacked by someone who got into the accounts of several Twitter employees and then gained access to high-profile accounts such as those of Britney Spears and Ashton Kutcher. The breach was the work of someone going by the name Hacker Croll, who posted the compromised screen shots on a French message board. Now more screenshots attributed to the same hacker have popped up on another French site (rough translation here). [...]

  • 5. Buzzlair Voufincci  |  July 15th, 2009 at 1:19 am

    thanks god. Evan is so lucky the hacker is not a bad insane scumbag.

  • 10. Update RSS » Twitte…  |  July 15th, 2009 at 2:10 am

    [...] Now more screenshots attributed to the same hacker have popped up on another French site (rough translation here). According to the post, Hacker Croll was able to compromise the Twitter accounts of founder [...]

  • 11. AntyWeb | » Techcru…  |  July 15th, 2009 at 10:19 am

    [...] will be cheerful, it all started with the break-in to the account of Twitter’s founder and other employees of that company. The hacker also broke into their mailboxes, which in [...]

  • 12. Techcrunch opublikuje dzi…  |  July 15th, 2009 at 11:01 am

    [...] cheerful today – it all started with the break-in to the account of Twitter’s founder and other employees of that company. The hacker also broke into their mailboxes, which in [...]

  • 14. Twitter rape: Hacker acce…  |  July 15th, 2009 at 5:00 pm

    [...] The latest incident may have started back in May, when there were reports that Twitter was hacked by someone who got into the accounts of several Twitter employees and then accessed the Twitter accounts of celebrities such as Britney Spears and Ashton Kutcher. The hacker posted screen shots of the accounts on a French message board, and they’ve surfaced more recently here (with translation here). [...]

  • 16. Hacker Pissed, Techcrunch…  |  July 15th, 2009 at 8:07 pm

    [...] an Extraordinary General Meeting (EGM) especially when it is confirmed that not just Hacker Croll owned them, but Techcrunch [...]

  • 17. Twitter Hacked Secrets Ex…  |  July 15th, 2009 at 9:06 pm

    [...] French hacker has hacked Twitter and exposed the very secrets the company wants kept secret. The hacker that operates under [...]

  • 18. Security Breach At Twitte…  |  July 15th, 2009 at 9:57 pm

    [...] French Blog having in depth leaked content Korben : Hack de Twitter – La suite… by Korben and its conversion in English here [...]

  • 20. Secret questions? | netse…  |  July 16th, 2009 at 6:10 pm

    [...] recent story on the twitter breach of company information reminded me of an interesting research I recently saw. A few researchers [...]

  • 21. Twitter lost hundreds of …  |  July 16th, 2009 at 9:05 pm

    [...] Read hacker’s translated post here [...]

  • 22. What if the World Knew Yo…  |  July 16th, 2009 at 9:49 pm

    [...] the first leak of the documents came on a French site (English translation), which discreetly obscured names and certain data points. Hacker Croll, as the perpetrator calls [...]

  • 23. David N. Jafferian  |  July 17th, 2009 at 2:07 pm

    So we are supposed to buy into the sentiment that “Hacker Croll” has done us all a favor? He/she has done little more than demonstrate a lack of hacker integrity by *not* doing any damage to Twitter, a company whose leadership ought to pay the price for taking a risk and losing. I don’t believe that Twitter could not have hired an Internet security specialist who could have easily foreseen this attack. Call me a cynic, but this all just smells like an elaborate publicity stunt.

  • 25. Ask Twitter about documen…  |  July 17th, 2009 at 8:54 pm

    [...] seems that, in May, someone who calls himself Hacker Croll gained access to the Gmail accounts of Twitter co-founder Evan Williams, other employees and, um, Williams’ [...]

  • 26. Internet Protection  |  August 28th, 2009 at 9:23 am

    Until very recently, I thought “twitering” was rimming. And it would be awful to be ‘denied a service’ like that.

  • 27. Vivek  |  September 7th, 2009 at 11:01 pm

    hey it seems that you are going to make Hacker Croll a celebrity,
    Every system has a loop hole and it can be repaired when someone finds the bug in it. So now twitter is safe.
