Twitter Accounts Hacking Continues

Posted by Sierra Monica B. in Security on 07 16th, 2009 | no responses

Koobface, the already famous computer worm that was launched on MySpace continuing with Facebook, Hi5, Bebo, Tagged, Friendster and other social networking sites, has spread on Twitter as well and, in order to avoid more damage, the website administrators began suspending those accounts that were affected by the worm. Account owners have received notifications from the Twitter administration.

The worm installs on the user’s computer and starts to monitor the browsing sessions to hijack social networking accounts, propagating itself rapidly. It does this by sending links to malicious pages advertising fake video content. As you click on a video it prompts you to download a Flash player update, which is actually the worm itself.

Koobface has become more aggressive in the last weeks affecting over hundreds of Twitter users in just a few hours, as Trend Micro specialists announced at the beginning of this month.
Twitter admins posted an alert regarding this issue on the status page and they’ve recommended users not to click on any link.

Things went even worse lately as a hacker said to have compromised several personal accounts of Twitter employees, one of which is Evan Williams, Twitter Co-Founder. More than that, the hacker says he managed to access a Google Apps account of one of the employees and downloaded confidential information on the Twitter company.
Hacker Croll got his hands on executive meeting notes, financial projects, partner agreements and even phone logs and meal preferences.

Biz Stone, another Twitter Co-Founder, dismissed the rumors, but the hacker claims he gained access to even more confidential data, such as Paypal, Apple, Amazon, AT&T, MobileMe and Gmail accounts of Evan Williams, his wife, and other two Twitter employees.
While Twitter is consulting its lawyers regarding this security breach, Evan Williams defends the social networking site by saying that “This was not a hack on the Twitter service, it was a personal attack followed by the theft of private company documents.”