It’s now confirmed that recent breaches of Twitter accounts belonging to celebrities were separate to a phishing scam carried out across the network. Several posters on an Internet discussion forum have now claimed credit for either the original hacking or for abusing the uncovered login details.

As I noted as a possibility in yesterday’s report on the phishing attacks, it wasn’t certain that people posting bogus messages on celebrity accounts had got access through the phishing scam. Whatever your views on the celebs involved, it seemed a little too good to be true that they’d all been caught out by a bogus log-in page, particularly given that Barack Obama for one had not used his account in several weeks.

Twitter has now confirmed that 33 accounts had been hacked into, many of them belonging to high-profile users. In a company blog post, co-founder Biz Stone notes that this wasn’t done through phishing. Instead the offenders hacked into Twitter’s system tools used by its support team for dealing with issues such as lost passwords. These tools are now offline until the firm has made sure they are working securely again.

It appears a poster with the user name ‘GMZ’ posted on the discussion forum Digital Gangster to announce he had the log-in details and offering to send them privately to other posters. This means the actual messages which appeared on Twitter pages may have come from multiple sources.

The site has a reputation for such activity: it’s where photographs of Miley Cyrus were posted after her Gmail account was hacked into last July.

PCWorld points out that tracing some of the offenders may be relatively easy as a post on Barack Obama’s account included an affiliate link. Whoever was set up to receive cash from clicks on this link is likely to be receiving a visit from authorities in the near future.

Related:

Entry was posted on Tuesday, January 6th, 2009 at 4:31 pm under Hacking, Legal, Scams, Social Media, Web2.0.

Read more entries by John Lister.
Stumble It!