Gizmodo's Twitter hijacked following hack of iCloud account
Posted on 06 August 2012.
Followers of popular technology weblog Gizmodo have been faced with some very offensive tweets coming from the site's Twitter account on Friday.

Many have accurately surmised that the account has been hijacked, and Gizmodo immediately started an investigation into how it happened.

First, they believed that former employee Mat Honan was responsible for the tweets, as the messages seemed to be coming from his Twitter account, which was liked with Gizmodo's.

And they were partially right: the tweets were coming from there, but were not written by Honan. As it turns out, his Twitter account has also been compromised by the same attackers.

They call themselves "Clan VV3" and have, in the past, hijacked a number of high-profile Twitter and YouTube accounts.

Gizmodo has, fortunately, managed to regain control of their own Twitter account very soon and has already deleted the offending messages, but Honan hasn't been so lucky: his Twitter account has been suspended for much longer, his Gmail account deleted, his iPhone, iPad and Macbook wiped clean.

As it turns out, the hackers managed to get access to his iCloud account and from there to his Gmail and Twitter accounts. He initially thought that the hackers managed to brute-force their way into iCloud, but has since discovered that wasn't the case.

"Confirmed with both the hacker and Apple. It wasnít password related. They got in via Apple tech support and some clever social engineering that let them bypass security questions. Apple has my Macbook and is trying to recover the data. Iím back in all my accounts that I know I was locked out of," he wrote on his blog.

While he obviously couldn't have prevented the iCloud compromise, he admits that the Google account is another matter, as he hasn't set up two-factor authentication which would have prevented it being breached, and likely prevented the compromise of his Twitter account and that of Gizmodo.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Tue, Feb 9th