Twitter is probably the hottest technology company in the world at this time. If you follow the technology industry, you'll no doubt see Twitter in the news at least once a week, every week. Well, this past week, Twitter was in the news again, for all the wrong reasons. A cracker from France (known as "Hacker Croll") managed to single-handedly break through Twitter's security and gain access to confidential company information, employee records, calendars, phone logs, credit card numbers and other data.
In a thriller of an article, Techcrunch lays bare the riveting story of how Hacker Croll violated Twitter. Here is a summary of how he did it:
1. HC accessed Gmail for a Twitter employee by using the password recovery feature that sends a reset link to a secondary email. In this case the secondary email was an expired Hotmail account; he simply registered it, clicked the link and reset the password. Gmail was then owned.
2. HC then read emails to work out what the original Gmail password had been, and reset the password back to it so the Twitter employee would not notice the account had been changed.
3. HC then used the same password to access the employee’s Twitter email on Google Apps for your domain, getting access to a gold mine of sensitive company information from emails and, particularly, email attachments.
4. HC then used this information along with additional password guesses and resets to take control of other Twitter employee personal and work emails.
5. HC then used the same username/password combinations and password reset features to access AT&T, MobileMe, Amazon and iTunes, among other services. A security hole in iTunes gave HC access to full credit card information in clear text. HC now also had control of Twitter’s domain names at GoDaddy.
6. Even at this point, Twitter had absolutely no idea they had been compromised.
Read about the whole thrilling account here.
In computer security circles it is said that a computer system can never be 100% secure; there is always a hole somewhere that can be exploited by someone determined enough to find it. However, most organisations and individuals (probably even you) are very poor at securing the computer systems, especially online ones, that they use.
As seen in the Twitter cracking, a single Gmail account fell, and this opened the door for the whole company to be compromised. Could this happen to you? No, really, could it? Rethink your approach to computer security: reset those passwords, and do not use a single password for all the services and systems you use. Change your passwords regularly and do not use passwords that can be easily guessed.
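The advice above (one password per service, nothing guessable) is easy to state and hard to check by hand once you have dozens of accounts. The following is an added example, not code from the original post, that audits a set of credentials for exactly the two weaknesses the Twitter chain relied on: the same password reused across services, and passwords built from a dictionary word plus a few digits. The service names, passwords and the short common-password list are all constructed for the example; the audit compares hashes so plaintext passwords never appear in its output.

```python
"""Password hygiene audit: flag reuse across services and guessable passwords."""
import hashlib
import re
from collections import defaultdict

# Tiny stand-in for a real breached/common-password list (constructed for this example).
COMMON_PASSWORDS = {"password", "password1", "password123", "123456", "qwerty", "letmein"}

MIN_LENGTH = 12

# Constructed sample: one password shared by three services, one guessable, one strong.
SAMPLE_CREDENTIALS = [
    ("gmail", "password123"),
    ("google-apps", "password123"),
    ("godaddy", "password123"),
    ("amazon", "summer09!"),
    ("mobileme", "Kd7#wq!pL2zR9vXe"),
]


def fingerprint(password: str) -> str:
    """Hash the password so the report can group on it without storing plaintext."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def password_issues(password: str) -> list[str]:
    """Return a list of reasons a password is easy to guess (empty if none found)."""
    issues = []
    if len(password) < MIN_LENGTH:
        issues.append(f"shorter than {MIN_LENGTH} characters")
    if password.lower() in COMMON_PASSWORDS:
        issues.append("on the common-password list")
    # A dictionary word followed by a few digits/symbols is the classic guessable shape.
    if re.fullmatch(r"[A-Za-z]{3,}[0-9!@#$%]{1,4}", password):
        issues.append("word followed by a few digits/symbols")
    classes = sum(
        bool(re.search(pattern, password))
        for pattern in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    )
    if classes < 3:
        issues.append("fewer than three character classes")
    return issues


def find_reuse(entries: list[tuple[str, str]]) -> dict[str, list[str]]:
    """Map password hash -> sorted services, keeping only hashes used more than once."""
    by_hash = defaultdict(list)
    for service, password in entries:
        by_hash[fingerprint(password)].append(service)
    return {h: sorted(services) for h, services in by_hash.items() if len(services) > 1}


def audit(entries: list[tuple[str, str]]) -> dict:
    """Run both checks and return a report keyed by hash (reuse) and service (weakness)."""
    weak = {}
    for service, password in entries:
        issues = password_issues(password)
        if issues:
            weak[service] = issues
    return {"reused": find_reuse(entries), "weak": weak}


if __name__ == "__main__":
    report = audit(SAMPLE_CREDENTIALS)
    for digest, services in report["reused"].items():
        print(f"password {digest[:12]}... is shared by: {', '.join(services)}")
    for service, issues in report["weak"].items():
        print(f"{service}: {'; '.join(issues)}")
```

Feed it the output of a password manager export (service and password columns) and every cluster in `reused` is a place where one recovered mailbox would unlock several accounts, exactly the pattern in steps 3 to 5 above; anything listed under `weak` is a candidate for the password-guessing in step 2.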
Always be on your guard. Otherwise, you may come to regret it.