Simon Willison’s Weblog

Subscribe

Tuesday, 6th January 2009

As more details become available, it seems what happened is that a Twitter administrator (i.e., employee) gave their password to a 3rd party site because their API requires it, which was then used to compromise Twitter's admin interface.

Blaine Cook

# 9:37 am / oauth, security, twitter

Update on the “antipatterns for sale” Twply auction (via) The collected username and password database is NOT included in the auction.

# 9:41 am / antipatterns, twitter, twply

The Twitter administrator hack was a dictionary attack. I quoted Blaine earlier suggesting that the recent Twitter mass-hack was due to a Twitter admin password being scooped up by a rogue third party application—this was not the case, as Alex Payne explains in a comment.

# 11:56 pm / alex-payne, blaine-cook, security, twitter