Popular microblogging site Twitter faced a double whammy security breach over the weekend. 33 Twitter accounts were hacked including prominent Twitter-ers like CNN's Rick Sanchez, Fox News, Britney Spears and Barack Obama (who has been fielding criticism lately for dropping his interest in Twitter and other social networking sites since he won the election). Twitter users were also the targets of an unrelated phishing attack.
Before we continue with the details on the above hacks, here is our off-topic warning. This post is not about Microsoft, although we admit that we could, if we wanted to, engage in some mental Olympics to make it somehow relevant. (We could for instance, use it as a reason to talk about Twitter/Windows Live Messenger integration tools such as Twessenger, which posts your Tweets to your Messenger Personal Message at regular intervals. Or we could mention the fact Microsoft Subnet is a Twitter user and despite these security problems, we want you to add us to your list of Tweeps.)
However, the hacks are interesting to any IT person who works at a company that uses Twitter as a marketing tool. The 33 Twitter accounts were compromised by someone who hacked into Twitter's support systems, used to perform tasks such resetting forgotten passwords, the Twitter team said. Twitter promptly took the tools offline, officials said, and won't put them back until the company feels they are secure.
In the meantime, Twitter users this weekend were also the subject of a phishing scam which preyed on Twitter's own internal private messaging system. Victims were sent a direct message and/or a direct message email notification that redirected them to a page that looks like Twitter.com but uses a telltale slightly altered URL.
Twitter is working to beef up its security. This month it will release a closed beta of an open authentication protocol, dubbed OAuth, intended to secure access to Twitter accounts from third party applications built on the Twitter API. However, the Twitter folks warn that OAuth wouldn't have prevented the weekend's security issues. While Twitter's lack of security is frustrating (and even a bit funny, considering some of the Tweets the hacker posted to various compromised accounts), the company is to be commended for 'fessing up to both the hack and the phishing scheme right away.
Also see
12 tips for safe social networking
Visit the Microsoft Subnet web site for more news, blogs, podcasts. Also see:
9 myths of Microsoft virtualization busted or confirmed
Top 10 biggest stories in 2008 from Microsoft Subnet
Microsoft makes more promises for Windows 7 performance
8 little-known technologies that instantly make Microsoft shops run smoother
17 job-hunting resources for Windows pros
Subscribe to all Microsoft Subnet bloggers.
Sign up for the bi-weekly Microsoft newsletter. (Click on News/Microsoft News Alert.)
The Microsoft Subnet blog is the official blog of the Network World's Microsoft Subnet community, and is written by Online Community editor Julie Bort. Microsoft Subnet is the independent voice of Microsoft customers and is your gateway to daily Microsoft news, blogs, opinion, books, prize giveaways and more. Visit the Microsoft Subnet index page daily, and while you are there, subscribe to the Microsoft newsletter. The newsletter includes news generated by the Microsoft Subnet community as well as other Microsoft news stories published by Network World.
The Leader in Network Knowledge
LOL
PHISING on twisster!! - Bad news but its good to know, thanks Julie/Microsoft Subnet
Post new comment