Funny and frustrating: Twitter hacked, phished

Popular microblogging site Twitter faced a double whammy security breach over the weekend. 33 Twitter accounts were hacked including prominent Twitter-ers like CNN's Rick Sanchez, Fox News, Britney Spears and Barack Obama (who has been fielding criticism lately for dropping his interest in Twitter and other social networking sites since he won the election). Twitter users were also the targets of an unrelated phishing attack.

Before we continue with the details on the above hacks, here is our off-topic warning. This post is not about Microsoft, although we admit that we could, if we wanted to, engage in some mental Olympics to make it somehow relevant. (We could, for instance, use it as a reason to talk about Twitter/Windows Live Messenger integration tools such as Twessenger, which posts your Tweets to your Messenger Personal Message at regular intervals. Or we could mention the fact that Microsoft Subnet is a Twitter user and, despite these security problems, we want you to add us to your list of Tweeps.)

However, the hacks are interesting to any IT person who works at a company that uses Twitter as a marketing tool. The 33 Twitter accounts were compromised by someone who hacked into Twitter's support systems, which are used to perform tasks such as resetting forgotten passwords, the Twitter team said. Twitter promptly took the tools offline, officials said, and won't put them back until the company feels they are secure.

In the meantime, Twitter users this weekend were also the subject of a phishing scam that preyed on Twitter's own internal private messaging system. Victims were sent a direct message and/or a direct message email notification that redirected them to a page that looks like Twitter but uses a telltale, slightly altered URL.

Twitter is working to beef up its security. This month it will release a closed beta of an open authentication protocol, dubbed OAuth, intended to secure access to Twitter accounts from third-party applications built on the Twitter API. However, the Twitter folks warn that OAuth wouldn't have prevented the weekend's security issues. While Twitter's lack of security is frustrating (and even a bit funny, considering some of the Tweets the hacker posted to various compromised accounts), the company is to be commended for 'fessing up to both the hack and the phishing scheme right away.


Copyright © 2009 IDG Communications, Inc.
