Twitter accounts hacked, insight on how the fiasco unfolded - Instablogs
Gaurav Sood, Shimla: Aug 11 2009
Made Popular Aug 12 2009


Denial at the initial phase:

The whole thing started at Twitter itself, when the accounts of its employees were hacked by Hacker Croll. The big fish at Twitter played it down as a minor problem and said only employees' personal information had been accessed. This wasn't true, as Hacker Croll had accessed highly confidential information relating to financial projections, executive meeting notes and other secret documents. Even at that point Twitter was unaware of the whole mess!

The weak link exposed:

Hacker Croll used employees' personal information, ranging from data such as usernames, birth dates, associated Gmail accounts and their roles with the company down to very small bits of information such as a pet's name or first car. You might be wondering why all this was done. The answer is to expose the weak link in the email notifications sent when you use 'Forgot Password' or 'Forgot Username', and in the seemingly more vulnerable options such as 'keep me logged in' and 'keep signed in'. With loads of patience, trial and error and a bit of guesswork, Hacker Croll was then able to access email accounts as well. This started a chain reaction: he used all the data gathered to tactically access AT&T phone logs, Amazon and eBay for purchase history, MobileMe for more personal emails, and even iTunes for full credit card information, as it has a security glitch in that regard. Hacker Croll never used any of this to steal money from accounts, though, as his main purpose was to expose the vulnerabilities at Twitter.

The domino effect:

When Hacker Croll first hacked into the accounts of Twitter employees, he had no idea that it would unearth such a big problem. He later apologized to Twitter, saying that he just wanted to point out the loopholes in the whole system. Once the dominoes started tumbling there was no stopping them, as one hole led to another.

Unethical hackers use it to seize Twitter accounts:

Hacker Croll may have apologized for the mess he created at Twitter, but this gave unethical hackers an opportunity to access the accounts of many Twitter users, including famous celebrities and well-known personalities. A Distributed Denial of Service (DDoS) attack was used to wreak havoc at Twitter last week. At one point hackers even managed to crash the whole network by sending continual data requests to the server, overloading it.

Twitter account hacks of famous celebrities:

The Twitter accounts of more than 25 iconic personalities, including Barack Obama, Britney Spears, CNN anchor Rick Sanchez, Bill O'Reilly and Diddy, were taken over.

There were obscene comments on Britney Spears' private parts.

Bill O'Reilly bore the brunt, with comments on his sexuality.


Rick Sanchez had his account updated with material relating to drugs.


U.S. President Barack Obama's account was updated to say that people could visit a site to win $500 worth of free petrol.

Miley Cyrus's account was updated with really offensive language.


The result was that the accounts reported as hacked had to be closed down, but the damage was already done.

Steps taken by Twitter:

Twitter is keeping a close check on all the security access points and the sign-in access points. Twitter has also reported that some of the added tools and options have been frozen for now.

Facebook may be next on the list:

With so many loopholes in social networking and mail sites, Facebook seems to be the next prime target for account hackers. There have been reports that breaches have already been carried out on Facebook and other social networking sites, but they are said to be surgical or test attacks before the all-out attack.

Steps that can keep you safe:

Users themselves have to make an effort so that their privacy in the virtual world is not in jeopardy. If you are using weak passwords, it's time to change them now. The 'Keep me signed in' option is a strict no-no, and when you request a password recovery mail you should delete it immediately after reading and change the password for which the recovery was requested. Don't leave important and confidential mail messages in your inbox; save them somewhere else.
