BBC Home > BBC News > Technology

Twitter hit by security breaches

6 January 09 12:18 GMT

Micro-blogging site Twitter has admitted that some of its most high profile bloggers have been targeted by hackers.

It announced that 33 accounts had been hacked, including those belonging to president elect Barack Obama and singer Britney Spears.

It follows a phishing scam on the site which encouraged users to click on a fake Twitter homepage.

The celebrity accounts are now secure, the firm said.

Monday madness

The celebrities, including US CNN broadcaster Rick Sanchez, awoke on Monday morning to find their Twitter accounts - which allows users to post short updates of less than 140 characters - with some bizarre and, in some cases pornographic messages.

The fictional updates included a message from Mr Sanchez saying he would not be in work because he was high on crack, a link to free petrol from Mr Obama and some very personal statistics from Ms Spears.

"The issue with these 33 accounts is different from the phishing scam aimed at Twitter users," the firm explained in its blog.

"We immediately locked down the accounts and investigated the issue. Rick, Barack, and others, are now back in control of their accounts," it wrote.

The security breach happened when hackers broke into tools used by the Twitter support team to help people edit the email address associated with their account.

"We'll put the tools back only when they're safe and secure," the blog promised.

That attack, described by Twitter as "Monday morning madness" comes off the back of what it called a "wacky weekend" of attacks.

The phishing scam, which affected thousands of users, invited people to click on a link to a fake Twitter login.

Individual attack

It then obtained account details which could be used to harvest more accounts.

There was no financial gain from the scam and seemingly no link to the celebrity hack.

Graham Cluley, senior consultant with security firm Sophos, believes the celebrity hack is the more worrying.

"It appears that Twitter's systems were potentially exposing everybody's accounts to the dangers of being taken over by hackers - it's just that they chose some high profile accounts to abuse with their defacements," he said.

"Twitter seems convinced that it was an individual rather than a gang of criminals so it may be that they have identified the person responsible," he added.

Related BBC sites

*