Tuesday, 6th January 2009
The Twitter administrator hack was a dictionary attack. I quoted Blaine earlier suggesting that the recent Twitter mass-hack was due to a Twitter admin password being scooped up by a rogue third party application—this was not the case, as Alex Payne explains in a comment. # 11:56 pm
Update on the “antipatterns for sale” Twply auction (via) The collected username and password database is NOT included in the auction. # 9:41 am
As more details become available, it seems what happened is that a Twitter administrator (i.e., employee) gave their password to a 3rd party site because their API requires it, which was then used to compromise Twitter’s admin interface.
— Blaine Cook # 9:37 am