An 18-year-old hacker with a history of celebrity pranks has admitted to Monday’s hijacking of multiple high-profile Twitter accounts, including President-Elect Barack Obama’s, and the official feed for Fox News.
The hacker, who goes by the handle GMZ, told Threat Level on Tuesday he gained entry to Twitter’s administrative control panel by pointing an automated password-guesser at a popular user’s account. The user turned out to be a member of Twitter’s support staff, who’d chosen the weak password “happiness.”
Cracking the site was easy, because Twitter allowed an unlimited number of rapid-fire log-in attempts.
Happiness? Happiness?! An employee/staffer used “happiness” as a password. She should be fired for that alone.
4 thoughts on “You are now twitter. Good times.”
A couple years ago I helped with a security audit at a fairly large investment firm. Part of our procedure was to review password strengths. You’d be amazed (or maybe not) at how many people use simple passwords for such important logins. They’ve since implemented stricter password requirements.
@nyokki: I almost agree.
How is happiness a high-risk password?
I wouldn’t think of it.
@LukeV1-5: Because of so-called “dictionary attacks” where someone just starts trying every word in the dictionary. They’re going to try ‘happiness’ long before ‘h4pp1n355’ or some random characters, thus it’s considered weaker.
There are programs that will work through every word in the dictionary. This guy set that up and went to bed. Next day…there it is: happiness. That’s why you mix it up w/ numbers and punctuation.
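The two defensive controls this incident points to, as an added example that is not part of the original post, its comments, or Twitter's code: a per-account limit on failed log-ins with a growing lockout, and a check that refuses dictionary words when a password is set. The names `LoginThrottle`, `attempt_login` and `is_dictionary_password`, the thresholds, and the tiny word list are all assumptions made for illustration.

```python
import time

# Constructed stand-in for a real list of common passwords and dictionary words.
COMMON_WORDS = {"happiness", "password", "letmein", "sunshine", "welcome"}


def is_dictionary_password(candidate, wordlist=COMMON_WORDS):
    """Reject a new password that is a plain dictionary word (case-insensitive)."""
    return candidate.strip().lower() in wordlist


class LoginThrottle:
    """Per-account limiter: lock out after repeated failures, doubling each time."""

    def __init__(self, max_failures=5, base_lockout=30.0, max_lockout=3600.0,
                 clock=time.monotonic):
        self.max_failures = max_failures
        self.base_lockout = base_lockout
        self.max_lockout = max_lockout
        self.clock = clock
        self._state = {}  # account -> (consecutive failures, locked-until time)

    def allowed(self, account):
        return self.clock() >= self._state.get(account, (0, 0.0))[1]

    def record_failure(self, account):
        failures = self._state.get(account, (0, 0.0))[0] + 1
        locked_until = 0.0
        if failures >= self.max_failures:
            # 30 s, 60 s, 120 s, ... capped at max_lockout (exponent bounded too)
            exp = min(failures - self.max_failures, 20)
            delay = min(self.base_lockout * 2 ** exp, self.max_lockout)
            locked_until = self.clock() + delay
        self._state[account] = (failures, locked_until)

    def record_success(self, account):
        self._state.pop(account, None)


def attempt_login(throttle, account, password, check_password):
    """Return 'locked', 'ok' or 'denied'; locked attempts never reach the check."""
    if not throttle.allowed(account):
        return "locked"
    if check_password(account, password):
        throttle.record_success(account)
        return "ok"
    throttle.record_failure(account)
    return "denied"
```

A lockout keyed only on the account name lets anyone lock a user out on purpose, so real deployments usually combine it with per-source limits and alerting on repeated failures.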