Chaos broke out late Thursday night and early Friday morning as the Iranian Cyber Army took over Twitter. Microbloggers worldwide were lost on what exactly was going on, and were unsure where they would be able to send their tweets. While the matter is still being investigated, reports from Twitter’s service provider, Dynect Inc. has said they are not the reason for the the break in as Twitter had first believed. It now seems the hackers were able to get into Twitter staff members emails and obtain the passwords to change the settings through Dynect.
“Someone logged in who purported to be a legitimate user of their [DNS] platform account and started making changes,” said Tom Daly, chief technology officer at Dyn to The Washington Post.
Daly told Security Fix that the redirection lasted about 90 minutes.
“We had seen some interesting activity coming in, and said ‘Hmm, there’s something going on here,'” Daly said. “As soon as we detected what the issue was, we snapped into action and contacted Twitter.”
The investigation continues, while Twitter remains quiet, other than releasing a simple statement on Friday evening, “During the attack, we were in direct contact with our DNS provider, Dynect. We worked closely to reset our DNS as quickly as possible. The motive for this attack appears to have been focused on defacing our site, not aimed at users—we don’t believe any accounts were compromised. If you’re concerned that your account could have been affected in some way, feel free to contact us, firstname.lastname@example.org.”