Twitter Hack: How It Happened and What's Being Done

By ABC News
January 5, 2009, 6:38 PM

Twitter is tackling a series of security issues, starting with a hack that hit some well-known celebrity accounts. Someone broke into Twitter accounts belonging to President-elect Barack Obama, CNN anchor Rick Sanchez, and Britney Spears over the weekend. At the same time, a phishing scam is trying to trick regular users into handing over their passwords and compromising their profiles.

Twitter Hack: Celebrity Targets

First, the freshest set of hacks: Someone managed to crack the passwords to nearly three dozen high-profile Twitter accounts in the hours leading up to Monday morning. The official accounts for Fox News and Facebook were affected, in addition to the personal profiles mentioned above.

Some of the tweets sent from hacked accounts include "i am high on crack right now might not be coming into work today," under Rick Sanchez's name; "Breaking: Bill O Riley [sic] is gay," from the Fox News account; and finally, from Britney's Twitter: "Hi Yall! Brit Brit here, just wanted to update you on the size of my" -- well, you get the idea.

Twitter has locked down the affected accounts and returned control to their rightful owners.

Twitter Hack: The Explanation

So how'd it happen? The hacker gained access to some of Twitter's support tools and seemingly managed to reset the accounts' information.

"These accounts were compromised by an individual who hacked into some of the tools our support team uses to help people do things like edit the e-mail address associated with their Twitter account when they can't remember or get stuck," a Twitter blog posting states.

Those support tools have since been taken offline until they can be adequately secured, the company says.

The Twitter Phishing Scam

All of that is unrelated to the phishing scam also brought into the spotlight over the holiday weekend. Someone started sending out e-mails and other messages directing people to sites that look like Twitter. The phony sites ask for your username and password, then record the information and use it against you.

The smartest protection? Don't follow e-mail links, and always look carefully at a URL before handing over any sensitive information. If you think you've been duped, follow this link to reset your password ASAP, or contact Twitter support for additional help.