Twitter: Britney, Barack, Rick and Fox News weren’t phished – they were hacked

Graham Cluley

The guys at Twitter have posted more information on their website about the high profile accounts (belonging to the likes of Britney Spears, Barack Obama, Fox News, CNN’s Rick Sanchez and others) that were compromised on their website today.

Fascinatingly, Twitter claims that these accounts were not broken into as a result of the widespread phishing attack that has taken place on Twitter over the last couple of days, but instead as a result of Twitter’s own systems being compromised by hackers.

As a result, tools that normally only Twitter’s technical support team can use to help locked-out members reset their email address were accessed by hackers, enabling them to steal control of the high profile accounts from their rightful owners.

As a result, Britney Spears’s Twitter stream made claims about a sensitive part of her anatomy, Rick Sanchez’s Twitter entry declared that he was high on crack, and Fox News appeared to publish breaking news that Bill O’Reilly was gay.

This is actually much more serious than these people and organisations falling for a simple phishing attack. It appears that Twitter’s systems were potentially exposing everybody’s account to the danger of being taken over by hackers – it’s just that they chose some 33 high profile accounts to abuse with their defacements.

Here’s part of the statement from Twitter co-founder Biz Stone:

These accounts were compromised by an individual who hacked into some of the tools our support team uses to help people do things like edit the email address associated with their Twitter account when they can’t remember or get stuck. We considered this a very serious breach of security and immediately took the support tools offline. We’ll put them back only when they’re safe and secure.

What is still unclear is whether the person who hacked the accounts was an external hacker, or someone inside the Twitter organisation.

Twitter seem convinced that it was an individual rather than a gang of criminals, so it may be that they have identified the person responsible. If so, they may choose to involve the authorities to see justice done for what was both a cruel and criminal act.

Whether the full details of what actually happened are ever revealed remains to be seen. But one thing is for certain: Twitter has had an appalling start to 2009 from the security point of view.

So what of Britney herself? Well, there’s been no word from the singing sensation – but someone who claims to be her Social Media Director did post a message on the Rolling Stone website apologising for any offence caused by the vulgar message:

I’m Britney’s Social Media Director- I run this twitter account. We did get hacked this morning. We apologize for any offense caused to Britney’s fans and Twitter followers…. we never want to offend anyone. Luckily, everything is back under control and we appreciate your understanding.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
