Twitter defacement

It is all over the news today that Twitter was defaced yesterday. Lots of speculation regarding what happened, but that’s the alert I received yesterday from Sucuri Network Monitor:

Sucuri nbim: DNS modified

< has address
< has address
> has address

This alert was generated by the Sucuri Network Integrity Monitor. Log in to your dashboard at

So we can see that it was indeed a DNS redirection attack and that probably their servers weren’t attacked directly.

If you are curious were they are hosting their DNS, here it is:

Domain Name: TWITTER.COM
Whois Server:
Referral URL:
Name Server: NS1.P26.DYNECT.NET
Name Server: NS2.P26.DYNECT.NET
Name Server: NS3.P26.DYNECT.NET
Name Server: NS4.P26.DYNECT.NET
Status: clientTransferProhibited
Updated Date: 27-may-2009
Creation Date: 21-jan-2000
Expiration Date: 21-jan-2018

If you tried to access their services last night, we recommend changing your password ASAP. If you want to monitor your own domain names for this kind of issue (for free), visit

About David Dede

David Dede is a Security Researcher at Sucuri. He spends most of his time dissecting vulnerabilities and security issues. You won't find him on Twitter because he is paranoid about privacy.

Share This