Monday's Twitter attacks have been traced to an 18-year-old hacker who used the password "happiness" to hack high-profile accounts, including President-Elect Barack Obama's.
An 18-year-old hacker admitted to hijacking several high-profile Twitter accounts used for phishing attacks, but he was very sloppy in doing so. The hacker used an automated password-guesser to gain admin access. He was able to work out that a Twitter support staff member's password was the word "happiness", spelled correctly. That has to be one of the weakest passwords for anyone with admin access to a large social network.
The young hacker explained this to Threat Level, a security research firm. The hacker, who went by the handle GMZ online, further explained how he ran an automated password program overnight, trying English words, to break into the account of a Twitter staff member, identified as Crystal, who had the ability to access any other Twitter account by resetting the account holder's password. The teenage hacker went on to notify other hackers in a forum, offering access to any Twitter account by request. He even posted a video online (shown below) as proof that he had this type of access. It was clear that he was not the sharpest tool in the shed, which was the reason for speculation before he willingly explained his story.
Twitter Hack Video:
Later, in response to this discovery, Twitter performed a full security review of all access points, which we are sure includes making all staff passwords a bit stronger than the word "happiness". This goes to show the importance of having a strong password that is not easily guessed. This hacking incident could have been prevented, to a point, if Crystal had thought of a much better and stronger password to use.
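An overnight run of automated guesses only works if the login keeps evaluating failed attempts. The following is an added example, not code from Twitter or from the original article, of a per-account failure throttle; the class and function names, the thresholds, the account name "staff" and the word list are assumptions made for illustration.

```python
from collections import defaultdict, deque

class LoginThrottle:
    """Lock an account after too many failed logins inside a sliding window."""
    def __init__(self, max_failures=5, window_s=900, lockout_s=3600):
        self.max_failures = max_failures
        self.window_s = window_s
        self.lockout_s = lockout_s
        self._failures = defaultdict(deque)  # account -> recent failure times
        self._locked_until = {}              # account -> time the lock expires

    def allowed(self, account, now):
        """True if an attempt for this account may be evaluated at all."""
        return now >= self._locked_until.get(account, 0)

    def record(self, account, success, now):
        """Record an outcome; return True if this failure locked the account."""
        if success:
            self._failures.pop(account, None)
            return False
        recent = self._failures[account]
        recent.append(now)
        while now - recent[0] > self.window_s:  # drop failures outside the window
            recent.popleft()
        if len(recent) >= self.max_failures:
            self._locked_until[account] = now + self.lockout_s
            recent.clear()
            return True
        return False

def replay(throttle, account, password, guesses, interval_s=1):
    """Replay guesses at a fixed rate; return (evaluated, blocked, guessed)."""
    evaluated = blocked = 0
    for i, guess in enumerate(guesses):
        now = i * interval_s
        if not throttle.allowed(account, now):
            blocked += 1  # rejected before the password is even checked
            continue
        evaluated += 1
        ok = guess == password  # simulation only; real systems compare hashes
        throttle.record(account, ok, now)
        if ok:
            return evaluated, blocked, True
    return evaluated, blocked, False

# Constructed sample: a tiny list standing in for an English dictionary.
WORDS = ["apple", "banana", "cherry", "dolphin", "eagle", "forest", "garden", "happiness"]
```

With the default thresholds the replay stops being evaluated after five failures, so the dictionary word is never reached. A per-account lock can itself be abused to lock a user out, so it is normally paired with per-source throttling and alerting on the lock event.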
This kid may have gotten himself a free ticket to jail. Who in their right mind hacks the President-Elect's Twitter account? And Crystal may want to start looking for a new job, and hopefully she will think of a better password to use in the future, or she is in for another shocker.
Is your password easy to guess? Do you practice good safety measures by coming up with a strong password that includes letters and numbers to safeguard your online accounts?