Officials at Twitter confirmed media reports that a hacker gained administrative access to the service and used it to view details of multiple accounts. It is the second time this year an attacker has gained administrative access by obtaining a Twitter employee's password, and follows a wave of worm attacks against the service a few weeks ago.
co-founder Biz Stone
has confirmed a hacker was able to breach security at
the microblogging service, marking the second time this year an attacker gained
administrative access via an employee's account.
According to Stone, an attacker gained
to Twitter this week and viewed 10 individual accounts.
Twitter's initial security review found that no account information was altered
or removed. No password information was revealed or altered for any of the
accounts, nor were any personal messages viewed.
"Personal information that may have been viewed on these 10 individual
accounts includes email address, mobile phone number (if one was associated
with the account), and the list of accounts blocked by that user," Stone
blogged. "We have personally contacted Twitter users whose accounts were compromised
via this unauthorized access."
admission came after reports
of the hack began to circulate earlier
today. A French hacker operating under the handle of Hacker Croll posted
13 screenshots of Twitter's administration panel that featured internal data
for accounts belonging to a number of high-profile individuals, including
Ashton Kutcher and Britney Spears.
In a post in an online forum, the confessed hacker said he used social
engineering only-"no exploit, no XSS vulnerability, no backdoor, no sql
The hacker wrote: "One of the admins has a yahoo account, i've reset
the password by answering to the secret question. Then, in the mailbox, i have
found her twitter password."
to a report from Wired
, a similar situation occurred in January,
when a hacker obtained administrative access by guessing the password
of a Twitter employee.
The latest hack follows a wave of worm attacks against Twitter earlier in
April. In that case, the worm was more of an annoyance for users and is not
thought to have caused any actual harm beyond sending spam.
"Twitter takes security very seriously, so we will be conducting a thorough,
independent security audit of all internal systems and implementing additional
anti-intrusion measures to further safeguard user data," Stone wrote.