Hot on the heels of yesterday's news about large-scale phishing attempts targeting Twitter users, Twitter just announced that a number of high-profile accounts were hacked.
"These accounts were compromised by an individual who hacked into some of the tools our support team uses to help people do things like edit the email address associated with their Twitter account when they can’t remember or get stuck. We considered this a very serious breach of security and immediately took the support tools offline. We’ll put them back only when they’re safe and secure."
So it appears as though Twitter is off to a bad start this year. The timing of these two events suggests they might be related; perhaps a member of the support team was tricked into sharing his account info with the phishers, and that’s how these hackers got access to the support tools. It might also be a separate issue where there was a bug in the support tools that could allow any attacker access to them, but that would be an amazing coincidence.
Graham Cluley at Sophos has some more details about the timing of the events, and a screenshot of the Britney Spears Twitter page shortly after the hack.