Lame Password behind Twitter Hack
Posted 01/07/09 at 09:22:09 AM | by Pulkit Chandna
A hacker who uses the pseudonym GMZ took responsibility for the recent Twitter hack in an IM interview with Threat Level on Tuesday. He divulged few personal details except that he is an 18-year-old student on the East Coast. He is also known to be a member of Digital Gangster, an online forum for hackers; forum members had claimed that GMZ was responsible for the hack even before he owned up.
He revealed that he successfully gained access to the account of a female Twitter staffer named “Crystal.” He had serendipitously stumbled upon her account and had no idea that she was a Twitter staff member with administrative control. He then proceeded to hack her account using a dictionary attack.
The program didn’t have to break a sweat, as she was using the password “happiness.” Her flimsy password, coupled with Twitter’s primitive security, which allows rapid-fire log-in attempts, led to several high-profile Twitter accounts, including the ones belonging to President-elect Barack Obama and Fox News, being compromised.

Image Credit: ZDNet
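The two failures described above, a dictionary-word password and unlimited rapid-fire log-in attempts, map to two server-side controls: a denylist check when a password is set, and a per-account throttle on failed log-ins. The following Python is an added example, not code from Twitter or from the original article; the denylist contents, thresholds, account name and function names are assumptions chosen for illustration.

```python
import time

# Constructed sample denylist; a real deployment would load a large list
# of common and breached passwords instead of these five entries.
COMMON_PASSWORDS = {"happiness", "password", "123456", "qwerty", "letmein"}

def password_allowed(candidate, min_length=12):
    """Reject short passwords and denylisted ones (case-insensitive)."""
    return len(candidate) >= min_length and candidate.lower() not in COMMON_PASSWORDS

class LoginThrottle:
    """Per-account throttle: after `free_attempts` failures, each further
    failure doubles the lockout, capped at `max_delay` seconds."""

    def __init__(self, free_attempts=5, base_delay=30, max_delay=3600,
                 clock=time.monotonic):
        self.free_attempts = free_attempts
        self.base_delay = base_delay
        self.max_delay = max_delay
        self.clock = clock
        self._state = {}  # account -> (failure_count, locked_until)

    def retry_after(self, account):
        """Seconds to wait before the next attempt is accepted (0 = allowed)."""
        _, locked_until = self._state.get(account, (0, 0.0))
        return max(0.0, locked_until - self.clock())

    def record_failure(self, account):
        failures, locked_until = self._state.get(account, (0, 0.0))
        failures += 1
        extra = failures - self.free_attempts
        if extra > 0:
            delay = min(self.base_delay * 2 ** (extra - 1), self.max_delay)
            locked_until = self.clock() + delay
        self._state[account] = (failures, locked_until)

    def record_success(self, account):
        self._state.pop(account, None)

def attempt_login(throttle, account, supplied, verify):
    """Return 'throttled', 'ok' or 'denied'. `verify` is the caller's
    own credential check (hypothetical callback, e.g. a hash comparison)."""
    if throttle.retry_after(account) > 0:
        return "throttled"  # refuse before the credential check runs
    if verify(account, supplied):
        throttle.record_success(account)
        return "ok"
    throttle.record_failure(account)
    return "denied"
```

With these settings, a wordlist run against one account is cut off after the sixth wrong guess, and even the correct password is refused until the lockout expires. Per-account lockouts can themselves be used to lock a legitimate user out, so they are normally combined with per-source limits and alerting.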
Why does this not surprise
Submitted by Dresh on Thu, 2009-01-08 09:51
Why does this not surprise me, it's unbelievable what people use for their passwords. On a second note who the hell uses twitter anyway? There's more important things to be doing with your time/life other than posting WTF you're up to all the time... sheesh.
Lame Password
Submitted by The Relic on Wed, 2009-01-07 13:41
Unbelievable...reminds me of the retailer I used to work for (now closed); they set up a login/password system on their computer that has the sales/inventory records. I was not given either (oversight, since they knew I needed unfettered access to those records to do my job). Well, the boss was late, and the store needed to open and be ready to receive inventory, so I mention this to HR. No, she didn't have it either.
So I sat down, and within two tries, I had the computer logged on and happily doing my job. The login? Her title (mgr) and the password? The store's designation (st101). Again, revealing the login/password is not a problem since, not only is the company no longer around, my actual store is now a grassy lot, having been torn down earlier last year. But yeah, one thing I can count on is that a company will have at least one clueless manager.
And no, she didn't care about how easy it was when we told her how easy it was to crack. Didn't even change the password ^_^.
...
Submitted by neo1piv14 on Wed, 2009-01-07 12:59
Wow, for an internet company, that's just inexcusable. Where I work, our passwords get audited on a monthly basis with dictionary brute force attacks to see if they can be broken that easily. What would be wrong with say...making users have numbers, different cases, and special characters?
I like twitter, but I really
Submitted by Azruelli on Wed, 2009-01-07 09:09
I like twitter, but I really think it's foolish to not enforce a semi-protective password.
Also, Lol@cnn reporter high on crack.
Twitter should hire
Submitted by Dunimas on Wed, 2009-01-07 08:46
Twitter should hire smarter employees or at least enforce a password policy that requires letters and numbers in order to protect itself. You'd think a web-based company would have that under control.
::.Dunimas.::
Not sure 'smarter' employees
Submitted by Velcrow on Wed, 2009-01-07 12:11
Not sure 'smarter' employees is the right way to put it. There are plenty of naive or technologically ignorant people out there. I blame the company. There should be a strict password enforcement. Employees are always a security liability; the company has to set the right foundation to ensure proper security is maintained.
haha
Submitted by gsxrmike04 on Wed, 2009-01-07 08:27
gotta love it rick sanchez cnn high on crack lmao










