Twitter Hacker Used His "Happiness" To Hack Accounts

Monday's Twitter attacks were traced to an 18-year-old hacker who used the password "happiness" to hack high-profile accounts, including President-Elect Barack Obama's.

An 18-year-old hacker admitted to hijacking several high-profile Twitter accounts that were used for phishing attacks, but he was very sloppy in doing so. The hacker used an automated password guesser to gain admin access. He was able to work out that a Twitter support staff member's password was the word "happiness", spelled correctly. That has to be one of the weakest passwords for anyone with admin access to a large social network.

The young hacker explained this to Threat Level, a security research firm. The hacker, who goes by the handle GMZ online, further explained how he ran an automated password program overnight, trying English words, to break into the account of a Twitter staff member, identified as Crystal, who had the ability to access any other Twitter account by resetting the account holder's password. The teenage hacker went on to notify other hackers in a hacker forum, offering access to any Twitter account on request. He even posted a video online (shown below) as proof that he had this type of access. It was clear that he was not the sharpest tool in the shed, which is why there was speculation even before he willingly explained his story.

Twitter Hack Video:

Later, in response to this discovery, Twitter performed a full security review of all access points, which we are sure includes making all staff passwords a bit stronger than the word "happiness". This goes to show the importance of having a strong password that is not easily guessed. This hacking incident could have been prevented, to a point, if Crystal had chosen a much stronger password.
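An overnight run of automated guesses against one staff account, as described above, leaves a distinctive trail in login logs: a long burst of failures followed by a success. The following detector is an added example, not code from Twitter or from this article; the log format, the account names, the 10-minute window and the threshold of 20 failures are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumed look-back window
THRESHOLD = 20                   # assumed failures per window before alerting


def parse(line):
    """Parse 'ISO-timestamp account source-ip OK|FAIL' (constructed format)."""
    ts, account, source, result = line.split()
    return datetime.fromisoformat(ts), account, source, result


def detect_guessing(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {account: 'guessing' | 'compromised'} for accounts under attack."""
    recent = defaultdict(deque)   # account -> timestamps of recent failures
    findings = {}
    for ts, account, _source, result in map(parse, lines):
        fails = recent[account]
        while fails and ts - fails[0] > window:
            fails.popleft()       # drop failures older than the window
        if result == "FAIL":
            fails.append(ts)
            if len(fails) >= threshold:
                findings.setdefault(account, "guessing")
        elif len(fails) >= threshold:
            # A success right after a failure burst: treat as a takeover.
            findings[account] = "compromised"
            fails.clear()
        else:
            fails.clear()         # ordinary login after a typo or two
    return findings


def build_sample():
    """Constructed log: one staff account guessed every 5 s, one normal user."""
    start = datetime(2024, 1, 1, 1, 0, 0)
    stamp = lambda sec: (start + timedelta(seconds=sec)).isoformat()
    lines = [f"{stamp(5 * i)} staff_admin 203.0.113.7 FAIL" for i in range(300)]
    lines.append(f"{stamp(1500)} staff_admin 203.0.113.7 OK")
    lines += [
        "2024-01-01T09:00:00 alice 198.51.100.4 FAIL",
        "2024-01-01T09:00:20 alice 198.51.100.4 OK",
    ]
    return lines


if __name__ == "__main__":
    print(detect_guessing(build_sample()))
```

The same per-account failure count can drive a lockout or a forced delay, so that a guesser never gets through enough dictionary words to reach one like "happiness".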

This kid may have got himself a free ticket to jail. Who in their right mind hacks the President-Elect's Twitter account? And Crystal may want to start looking for a new job, and hopefully she will think of a better password to use in the future, or she is in for another shocker.

Is your password easy to guess? Do you practice good safety measures by coming up with strong passwords that include letters and numbers to safeguard your online accounts?

  • coffee buzz

    did the Twitter Admin change his password to "sadness" after he was hacked? haha... ok not funny

  • David

    Crystal's incompetence does not end there. She handled nearly all my support requests.

    Twitter managed to unfollow over 47,000 of my follows in the space of three days, plus it deleted over 11,000 followers in 48 hours.

    Trouble is, even if the followers are "restored" later, due to more technical incompetence you are not shown as following each other, and countless people will have unfollowed or autounfollowed in the meantime, if not actually blocked you for appearing to be rude. (Spammers often follow and unfollow when the follow is reciprocated.)

    I found myself suddenly unable to follow on several occasions, despite being within my follow ratio by many thousands.

    Even worse, Twitter put unauthorised blocks on people who were following me. I found that my account had blocked Stephen Fry and other long-term followers, for example, including some other VIPs.

    The only way I could get President Obama's autofollow to work was by unfollowing, blocking, unblocking and following his account all over again. It is not good to have to block people.

    When I complained about Crystal's extreme incompetence, in an act of spite she removed my autofollow from the Twitter server immediately afterwards.

    That is an example of malicious activity by a member of the Twitter staff. I wonder how many other acts of petty vandalism there have been?

    Crystal often does not actually appear to read customers' emails properly, because on a number of occasions I have received messages from her which are generic 'copy and paste' responses, the content of which is irrelevant to what I was complaining about.

    I've also known her to deliberately provide false information, i.e. lie.

    She's not the only corrupt, incompetent loser at Twitter who should be fired - I would get rid of them all.