Twitter Resets User Passwords in Wake of Phishing Attack

Sarah Jacobsson, PCWorld

http://www.pcworld.com/article/188392/twitter_resets_user_passwords_in_wake_of_phishing_attack.html

Early Tuesday, Twitter says it had to reset the passwords of a small number of accounts compromised in an external phishing attack.

“As part of Twitter’s ongoing security efforts, we reset passwords for a small number of accounts that we believe may have been compromised offsite,” Twitter wrote in a prepared statement.

Twitter said it took the security action because of a “combination of multiple bad acts.” One, it believes, is accounts being compromised by Twitter users signing up for what it described as “get followers fast schemes” luring people to a non-Twitter site. A Twitter spokesperson also said it suspects this third-party site “could have allowed hackers to gain access to email addresses and passwords. Those Twitter users who use the same email addresses and passwords could be affected.”

Graphic: Diego Aguirre

According to Twitter, at least one account was compromised by a phisher. In that instance, Twitter updates were sent out without the account owner’s knowledge, Twitter said. “While we’re still investigating and ensuring that the appropriate parties are notified, we do believe that the steps we’ve taken should ensure user safety,” Twitter says.

Twitter is no stranger to account hijacking. On Jan. 5, 2009, 33 prominent Twitterers (including Barack Obama and Britney Spears) had their accounts hacked by an individual. The hacker reportedly hacked the Twitter support tools (the tools Twitter uses to help users reset emails and passwords) and reset the passwords of the compromised accounts. In response to the attack, Twitter immediately shut down the support tools and restored the accounts to their rightful owners.

On May 21, 2009, Twitter was hit by a phishing attack in which phishers created fake Twitter accounts and began following legitimate Twitter users. The Twitter users received email notifications of their new followers, with a link that led them to a fake Twitter site where they were prompted to enter their usernames and passwords.

Twitter isn’t alone in grappling with phishing attacks. Recently Facebook joined forces with McAfee to offer its users free antivirus software and increased protection from third-party phishing attacks.

Since phishing attacks usually occur when people click on rogue links in emails (without checking to ensure that the emails are from who they say they’re from), there’s not much Twitter could have done to prevent the attack. However, security breaches like this one are unlikely to help Twitter’s falling growth rate.
