Twitter should harden its security. This is the advice of IT security and control firm Sophos after a French hacker claimed he broke into Twitter's internal administration system, enabling him to access the accounts of millions of Twitter users - including Barack Obama, Britney Spears, Ashton Kutcher and Lily Allen.
The hacker - known as 'Hacker Croll' - claimed that he was able to access Twitter's internal administration system after stealing a password from a staffer at the micro-blogging website. It is alleged that, by resetting the employee's Yahoo password after guessing the answer to his 'secret question', Hacker Croll found information about the staffer's Twitter login credentials.
The claims appear to be confirmed by screenshot images uploaded to a French blog, which give a glimpse into the micro-blogging site's admin panel, revealing that the likes of Kutcher and Allen have blocked other Twitter users, such as celebrity gossipmonger Perez Hilton, from contacting them. Among the private information accessible were the email addresses of compromised accounts, mobile phone numbers (if one was associated with the account), and the list of accounts blocked by the affected user.
Sophos advises that Twitter's internal security could be improved if staff were forced to log in using authentication tokens that provide a randomly generated key upon login, meaning that even if a staffer's username and password are compromised, hackers would not be able to gain access.
This story, "French Hacker Cracks Into Twitter," was originally published by Computerworld Philippines.