A French site posted screenshots that supposedly show Twitter’s admin pages earlier today. While the fact that somebody apparently managed to gain access to one of their admin accounts is not really newsworthy any longer given Twitter’s recent track record, the screenshots themselves are interesting to look at.
The admin options look legitimate; there are various reporting options and ways to manage users. As an example, we learn that Barack Obama is not using his brand-new government-issued Blackberry for Twitter, and that the communication between the members of Twitter’s admin team leaves a bit to be desired:
But the most interesting screenshot are the “Darkmode” options (mirror). There are various options available that allow admins to disable certain functions of the website. It looks as though OAuth was enables at the time the screenshots were taken. Their team has also been considering the security risks of shortened URL’s; search.twitter.com has recently started offering an “expand URL” option for links generated with popular shortening services such as bit.ly and tinyurl.com, and their admin page has an option to disable these URL’s completely.
Update: Twitter has now publicly acknowledged the breach, and says that only 10 accounts have been accessed:
Our initial security reviews and investigations indicate that no account information was altered or removed in any way. However, we discovered that 10 individual accounts were viewed during this unauthorized access