Shawn Smith, DevOps Engineer at nVisium, a Falls Church, Virginia-based application security provider, notes, “There are several ways these high-profile Twitter accounts could have been compromised. For example, a fairly common support feature is to allow administrative and other privileged personnel to impersonate other users to test functionality as that user. So if Twitter has made this sort of a setup available, it is quite possible an account with access to this feature was compromised, therefore leading to additional account compromise. As such, if a staff (or worse, a privileged) account was compromised, it could also just be used to reset passwords and log in for the targeted accounts. SMS interception on password resets and password reset logic flaws are also vectors for general social media account compromise. Additional other ways for Twitter account compromise are generally due to phishing attacks or linked accounts being taken over, but the number of accounts being compromised so quickly makes these attack vectors somewhat unlikely unless carefully coordinated and orchestrated by a syndicated effort. However, without a detailed analysis, we are all just speculating.”
