Simon Willison’s Weblog


Tuesday, 6th January 2009

The Twitter administrator hack was a dictionary attack. I quoted Blaine earlier suggesting that the recent Twitter mass-hack was due to a Twitter admin password being scooped up by a rogue third-party application—this was not the case, as Alex Payne explains in a comment. # 11:56 pm

Update on the “antipatterns for sale” Twply auction (via) The collected username and password database is NOT included in the auction. # 9:41 am

As more details become available, it seems what happened is that a Twitter administrator (i.e., employee) gave their password to a 3rd party site because their API requires it, which was then used to compromise Twitter’s admin interface.

Blaine Cook # 9:37 am