06 Jan 2009
Celebrity Twitter account hacks raise serious security questions, says Sophos
Break-in at accounts of Britney Spears and Barack Obama more worrying than widespread phishing scam which troubled Twitter users
IT security and control firm Sophos believes that the
embarrassing defacements of celebrity Twitter accounts yesterday
demonstrate a worrying security problem for the micro-blogging
service Twitter.
Tools that normally only Twitter's technical support team can
use to help locked-out members reset their email address were
accessed by hackers, enabling them to steal control of the accounts
from their rightful famous owners.
Hackers have targeted the accounts of 33 high-profile users with
the latest attack, including Britney Spears, American news
presenter Rick Sanchez, and president-elect Barack Obama. The
message walls of the affected accounts were defaced with offensive
or embarrassing messages, which have now been removed by Twitter
staff.
This security breach follows news that several Twitter members
have recently fallen victim to a phishing attack which saw
cybercriminals seize control of user accounts and use them to send
spam messages throughout the Twitter community.
"This latest attack is actually much more serious than these
people and organisations falling for a simple phishing attack. It
appears that Twitter's systems were potentially exposing
everybody's account to the danger of being taken over by hackers -
this breach could actually have been much more serious and affected
many more of Twitter's users," said Graham Cluley, senior
technology consultant at Sophos. "Twitter needs to take a long hard
look at its security to ensure that this never happens again, and
regain the confidence of its members. This shocking start to the
year for Twitter should send a stark warning to any online company
holding details of its users that it needs to make certain it has
proper security in place to prevent illegitimate access."
About Sophos
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.