
Twitter celeb accounts hacked. Could yours be next?

This article was published in Scientific American’s former blog network and reflects the views of the author, not necessarily those of Scientific American





Twitter has arrived. How do we know? It's been hacked like all the other hot social networks before it. (Read: Facebook and MySpace.) The cyber attacks say as much about the growing popularity of the "microblogging" site (messages can't be longer than 140 characters) as they do about the company's inability to secure its users' information. Hackers don't tend to waste their time breaking into obscure sites or writing viruses for software that no one uses.

Twitter.com on Monday revealed that cyber thugs had broken into 33 of its customer accounts, including those of President-elect Barack Obama, pop singer Britney Spears, CNN correspondent Rick Sanchez and Fox News. Online pranksters used their access to Sanchez's account, for example, to post messages such as "i am high on crack right now might not be coming to work today," while Fox News' Twitter update reported "Breaking: Bill O Riley [sic] is gay," referring to the network's volatile conservative talk show host, ComputerWorld reported.

A person (or group of people) compromised the accounts by breaking into the site and accessing the software that Twitter's online support team uses to help users log on to the site when they forget their login name or password, according to the Twitter site. Twitter's response was to stop using that support software and reset some of its users' passwords.

The Washington Post investigated the hack and tracked it to a person who uses the handle "Gmz" and who posted purloined Twitter account information to a hacker site called Digital Gangster. This gave anyone on the Digital Gangster site access to these Twitter accounts, although it's not clear how Gmz obtained the stolen login info.

The cyber strike came just a day after online scammers lured several Twitter users into so-called "phishing" scams designed to get them to divulge their account user names and passwords. The scammers sent Twitter users messages that read, for example, "Hey, check out this funny blog about you" with a Web link attached, according to ComputerWorld. When the link was clicked, users were taken to a bogus Web site designed to look like Twitter.com. If a user typed in his or her login info, it went straight to the con artists, giving them access to that Twitter account and the ability to post whatever messages (140 words or less) they wanted on it.

Twitter's appeal to hackers is that it provides a new avenue now that e-mail users are finally getting wise to their bogus schemes. In many cases, software spam filters prevent these e-mails from even being read. Until a budding site like Twitter is hit, most users have a false sense of security. In 2005, MySpace.com got a rude awakening when a hacker unleashed the "Samy" worm, which took advantage of a flaw in the Web site's design to add one million MySpace users to the hacker's "friends" list. It was a harmless enough stunt, but it represented a shot across the bow for burgeoning social networking sites.


Larry Greenemeier is the associate editor of technology for Scientific American, covering a variety of tech-related topics, including biotech, computers, military tech, nanotech and robots.
