Twitter’s @Ev Confirms Hacker Targeted Personal Accounts; Attack Was “Highly Distressing.”

July 14, 2009 ·Filed Under Technology News

Back in May, Twitter was hacked by someone who got into the accounts of several Twitter employees and next gained access to high-profile accounts such as those of Britney Spears and Ashton Kutcher. The breach was the work of someone going by the name Hacker Croll, who posted the compromised screen shots on a French report board. Now more screenshots attributed to the same hacker have popped up on another French site (rough translation here).

According to the post, Hacker Croll was able to compromise the Twitter accounts of founder Evan Williams, his wife, and several employees. Using password recovery techniques, Hacker Croll claims he gained access to various Paypal, Amazon, Apple , AT&T, MobileMe and Gmail accounts. I emailed Evan Williams asking about the breach.  He confirms:

Yes, we did suffer an attack a few weeks ago and are familiar with that list of stuff. that is unrelated to the hack of twitter where someone gained access to user’s accounts. that had nothing to do with the safety measure of twitter.com, and there were no user accounts compromised here.

Some notes:
- He did not actually gain access to my @ev Twitter history (or any Twitter accounts) nor any administrative functions of the site.
- There is plus no evidence that he gained access to my newsletter. There was one administrative employee who’s e mail was compromised, as was my wife’s Gmail history, which is where he got access to some of my credit cards and other data.
- He plus successfully targeted a couple other employees personal accounts (Amazon, AT&T, Paypal…)

In general, most of the sensitive data was personal rather than company-related. Obviously, that was highly distressing to myself, my wife, and other Twitter employees who were attacked. It was a good lesson for us that we are being targeted considering we work for Twitter. We have taken additional steps to increase our shield, but we know we can never be entirely comfortable with what we share via mail.

Above and below are

purported screenshots of Williams’ accounts on Twitter, Gmail, and GoDaddy. He claims he was able to access Twitter’s domain name explanation on GoDaddy and could have redirected the traffic to another IP address (I’m certain that would have worked for about three minutes).  The Gmail access, whether true, would have been more troubling.  Once the hacker got into @ev’s Gmail detail, password recovery for other accounts was easy.  He claims to have gained access to some internal documents, including projections for reaching 25 million users in 2009, 100 million in 2010, 350 million in 2010, and an outlandish goal to eventually become the first Web service to reach one billion users. So perhaps some corporate info was compromised.

Here is a list of some of the other things he claims to have found out, along with screenshots below, the last being a plan for Twitter’s new office space, including a sleeping room, a playing room, greenhouse, a meditation room, bicycle room, gym,washer/dryer, wifi, lockers, wine cellar, and an aquarium. Twitter moved into its new digs in July (the accounts were compromised in May, which is when all of that knowledge dates from):

  • the complete list of employees
  • their food preferences
  • their credit card numbers
  • some confidential contracts with Nokia, Samsung, Dell, AOL, Microsoft and others
  • direct emails with web and showbizz personalities
  • phone numbers
  • meeting reports (very informatives)
  • internal document templates
  • time sheet
  • applicant resumes
  • salary grid (time for me to move..lol)

Who knows whether any of that is true (there are no actual screenshots of the corporate documents), but it is adequate to assemble any executive wary of living too much in public.

Crunch Network: CrunchBoard because it’s moment for you to find a new Job2.0


Comments

Got something to say?