‘Hacker Croll’ compromises Twitter administrative account; posts screenshots
On Wednesday evening, a hacker going by the name of ‘Hacker Croll,’ having compromised a Twitter administrative account, posted 13 screenshots of Twitter’s administrative console on different web sites.
One of the screenshots revealed administrative information about President Obama’s Twitter account, another showed information about Britney Spears’ account, and yet another about Ashton Kutcher’s account. Coincidentally, one of the screenshots posted was of an internal inquiry into Twitter’s previous high-profile security episode, the Mikeyy Worm Attack!
The screenshots were apparently captured by Hacker Croll while he was logged into the account of Jason Goldman, Twitter’s director of product management. Croll managed to access Goldman’s Twitter account after hacking his Yahoo account, exploiting the same weakness in Yahoo’s password-recovery system through which Alaska Gov. Sarah Palin’s e-mail account was hacked last year.
In a posting to a French online discussion forum, Hacker Croll said: "One of the admins has a yahoo account, i've reset the password by answering to the secret question. Then, in the mailbox, i have found his/her twitter password. I've used social engineering only, no exploit, no xss vulnerability, no backdoor, no sql injection."
The ‘Hacker Croll’ incident is the second Twitter hacking episode this year. In January, another hacker, GMZ, managed to take control of 33 high-profile Twitter accounts, including those for Obama, Spears, and Fox News.