Early in 2009, Twitter suffered two major security lapses. Once when a wave of highly successful phishing campaigns were successful in obtaining a lot of Twitter passwords, and then again when an 18 year old hacker and student of computer games development brute-force'd an administrator account. In this second attack Twitter was forced to announce that 33 high-profile accounts had been hacked.
In an online interview, the hacker revealed the ease with which he had gained access to the entirety of Twitter. He had hacked the account of a relatively high profile user named “Crystal” by using a script to guess her password, trying out every word in a simple English dictionary until it eventually reached the word 'happiness'. The user turned out to be an Administrator and the kid suddenly found himself with the ability to access absolutely any of Twitter's 12+ million accounts.
Within a few hours he had posted password information on a well known forum for computer hackers (DigitalGangster) and users began publishing Tweets under the names of Barrack Obama, Britney Spears, Rick Sanchez, Fox News, Kevin Rose and Facebook.
Fox News promptly announced that “Bill O'Reilly is gay” and Britney Spears declared that her genitalia was “4 feet wide with razor sharp teeth”. Meanwhile, Obama invited users to take a survey “and possibly win $500 in free gas.”
Later in the year another spate of Twitter attacks targeted New York Time's fashion magazine “The Moment”, Miley Cyrus, Kanye West, Ashton Kutchner, Lily Allen and various other celebrities. A full of list of those celebrity accounts that have been hacked in the past is hard to find anywhere online, although its safe to say that there have been a lot.
Other security flaws led to various Twitter users falling prey to the “Mikeyy worm” in April 2009. The worm was essentially a harmless advertisement for the computer security enthusiast Michael Mooney. After gaining access to a user's account it would tweet messages such as “Twitter please fix this, regards Mikeyy” and “Man, Twitter can’t fix sh*t. Mikeyy owns.”
Overall, if 2009 has taught Twitter anything it's that they need to work on the way they provide information security as a whole. Their staff need to be retrained and their site reprogrammed. After seeing so many high-profile security failures in one year, they shouldn't be surprised if they are seen as a soft-target for a long time to come.
