Malicious users gained access to Twitter’s account support tools by exploiting an undisclosed security vulnerability and hacked into 33 high-profile accounts, including those belonging to Fox News personality Bill O’Reilly, U.S. President Elect Barack Obama, and CNN anchor Rick Sanchez. The intrusions caused no real harm, but Twitter’s status as a soapbox for public figures obligates it to be more responsible going forward.
Twitter acknowledged the exploits on its blog, calling them a “very serious breach of security.” It took the tools offline and froze the affected accounts when it was alerted to the problem. The Twitter team speculated that the breach might have been prevented had it been using the open authentication protocol (OAuth), a protocol to allow secure API authorization from Web applications.
The hacker (or hackers) used the President Elect’s account (which had been inactive since election day) to plug a gas card offer, made O’Reilly a more interesting individual, and changed Sanchez’s status to, “high on crack and might not be coming into work today.” Screen grabs of the exploits have been posted by TechCrunch.
No real harm was done, but the hackers’ puerile statements could have caused a real kerfuffle. Had Barack Obama already been sworn in as President, an inappropriate statement could have inflamed political tinderboxes around the world. Indeed, officials of other governments have been using Twitter for official statements.
The Israeli Consulate has been using Twitter to explain its justification for its recent military action; the wrong statement could have made an already acute political and humanitarian situation worse. It may be time for public officials and governments to reconsider their participation in social media unless there has been some form of a security audit. Twitter should take the responsibilities that come with being an impactful channel for disseminating information seriously.
The TV station across the street from me has a security guard and uses access cards at the door for a reason. The same standard should apply to new media.
In an indication that Twitter has become hackers’ target du jour, the intrusions come on the heels of a major phishing campaign that took place over the weekend. An untold number of Twitter users were lured into giving up their passwords for the promise of an iPhone.