Hacker Charged in Twitter Support Hack

Vendor Compromise Led to Defacement of Twitter Feeds
Hacker Charged in Twitter Support Hack

Cameron Lacroix of New Bedford, Mass., was charged July 2 in San Jose, Calif., with hacking Zendesk, a San Francisco company that provides helpdesk support to numerous companies, including Twitter.

See Also: Preventing an Inside Job: Detection, Technology and People

The news comes one week after Lacroix pleaded guilty to hacking computer networks of law enforcement agencies across the U.S., as well as at a local college (see: Hacker Pleads Guilty to Breaching Networks). He also pleaded guilty to obtaining stolen credit, debit and payment card numbers.

In this latest case, Lacroix allegedly hacked into Zendesk's website in February 2013 and disabled a security feature designed to limit who can view information pertaining to Zendesk's customers, authorities say. Lacroix is said to have then exported approximately one million Twitter support tickets to computers outside of Zendesk's network and used that information to compromise and deface the Twitter feeds for two companies.

The attacks allegedly resulted in Zendesk and Twitter incurring combined losses of over $200,000 in responding to the attacks, authorities say.

Lacroix has been charged with intentionally causing damage to a protected computer. If convicted, he faces a maximum sentence of 10 years in prison, a fine of $250,000, plus restitution. Lacroix is expected to make his first appearance on Aug. 8.

Past Incidents

Prior to the Twitter hack charges, Lacroix admitted to hacking into a computer server operated by a local Massachusetts police department in September 2012, and then accessing the e-mail account of its police chief. He also admitted to repeatedly hacking into law enforcement computer servers across the country which contained sensitive information including police reports, arrest warrants and sex offender information, between August 2012 and November 2012.

The Massachusetts man also admitted using stolen credentials to access and change information in the servers of Bristol Community College, Fall River, Mass., on multiple occasions between September 2012 and December 2013.


About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.