A successful attack on Twitter early Friday morning is being blamed on Twitter’s own email security, as hackers were able to get access to an email account and change a password, then redirect Twitter.com traffic elsewhere. Twitter suffered a security breach Friday morning that displayed a message from the “Iranian Cyber Army” for around an hour before Twitter.com became completely inaccessible. Early reports confirmed that Twitter itself had not been compromised: rather the DNS records (which send web users to the right place when hitting Twitter.com) had been changed to point to another location. Now Twitter’s DNS provider, Dyn Inc., has absolved itself of blame by claiming that the DNS records were changed by an authorized

user: in other words, the attacker had the password to Twitter’s Dyn Inc account, logged in and changed the settings. That points to one likely cause: a Twitter administrator had their email security compromised, and a password reset request was made. Twitter’s email security was also the cause of previous Twitter attacks : a breach of one staff member’s email account provided access. It’s a vulnerability that might lead some to question the security of web-based applications like Google Apps: if all your data is online, you’re only one password away from a major breach. Reviews: Twitter Tags: hack , twitter

See more here:
Twitter Email Security Blamed for Latest Hack