Teenage Twitter systems hacker admits guilt
It doesn’t appear that his motive for hacking Twitter was for financial gain, but it has forced the social network to take a good look at its security processes.

An 18-year old hacker, who managed to breach Twitter's administration systems and take over multiple high-profile accounts, has admitted his guilt.
The teenager, who goes by the handle GMZ, told the Wired Threat Level blog that he broke into Twitter's administrative control panel by using an automated password-guesser program on the account of a popular user.
It turned out that this user was a Twitter support staff member called "Crystal", who had chosen the easy-to-guess password "happiness". He said that breaking into the account was easy as Twitter allowed an unlimited number of rapid log-in guesses.
Using a self-created tool, he used a dictionary program which automatically tried English words and managed to gain access into Crystal's account. He was then able to access any other Twitter account by resetting an account holder's password.
He told Wired in an IM interview: "I feel it's another case of administrators not putting forth effort towards one of the most obvious and overused security flaws. I'm sure they'll find it difficult to admit it."
He didn't use the hacked accounts personally, instead offering hackers in his forum access to any Twitter account by request. This led to the access and defacement of feeds for Barack Obama, Britney Spears, Fox News and Facebook among others.
Twitter confirmed to Wired that the intruder had used a dictionary attack to gain access to the administrative account, although it refused to confirm the other details. It has so far not taken any legal proceedings.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
Co-founder Biz Stone did say in a follow-up email that Twitter was doing a "full security review on all access points to Twitter. More immediately, we're strengthening the security surrounding sign-in. We're also restricting access to the support tools for added security."
-
M&S suspends online sales as 'cyber incident' continues
News Marks & Spencer (M&S) has informed customers that all online and app sales have been suspended as the high street retailer battles a ‘cyber incident’.
By Ross Kelly
-
Manners cost nothing, unless you’re using ChatGPT
Opinion Polite users are costing OpenAI millions of dollars each year – but Ps and Qs are a small dent in what ChatGPT could cost the planet
By Ross Kelly
-
I love magic links – why aren’t more services using them?
Opinion Using magic links instead of passwords is safe and easy but they’re still infuriatingly underused by businesses
By Solomon Klappholz
-
Password management startup Passbolt secures $8 million to shake up credential security
News Password management startup Passbolt has secured $8 million in funding as part of a Series A investment round.
By Ross Kelly
-
LastPass breach comes back to haunt users as hackers steal $12 million in cryptocurrency
News The hackers behind the LastPass breach are on a rampage two years after their initial attack
By Solomon Klappholz
-
GitHub launches passkeys beta for passwordless authentication
News Users can now opt-in to using passkeys, replacing their password and 2FA method
By Daniel Todd
-
Microsoft SQL password-guessing attacks rising as hackers pivot from OneNote vectors
News Database admins are advised to enforce better controls as attacks ending in ransomware are being observed
By Rory Bathgate
-
No, Microsoft SharePoint isn’t cracking users’ passwords
News The discovery sparked concerns over potentially invasive antivirus scanning practices by Microsoft
By Ross Kelly
-
Microsoft Authenticator mandates number matching to counter MFA fatigue attacks
News The added layer of complexity aims to keep social engineering at bay
By Connor Jones
-
As Google launches passwordless authentication for all, what are the business benefits of passkeys?
News Google follows Apple in its latest shift to passwordless authentication, but what are the benefits?
By Ross Kelly