Archive for the ‘Phishing’ Tag

33 accounts hacked on Twitter

After a weekend filled with phishing direct messages, Twitter users might want to seriously consider changing their passwords (if they haven’t done so already) after hearing about the latest escapade. 33 high-profile Twitter accounts were hacked and random (albeit somewhat funny) tweets were sent out from the accounts.

Among the targeted were President-elect Barack Obama, Rick Sanchez, Facebook, and Britney Spears. (For screenshots of some of the hacked messages/accounts, visit TechCrunch.)

For most users, the security breach brought forth more suspicion about Twitter’s privacy and security policy, and a sigh of relief as only the “media elite” seemed to be targeted. (However, Michael Arrington of TechCrunch was not targeted and feels “kind of left out”).

The recent hack, which seems to be the efforts of a prankster, illuminates Twitter’s need for increased security for its users. As Twitter’s population continues to grow, their safety and security efforts should be scalable.

On a brighter note, amidst all of the “panic,” Twitter announced in their post today (aptly named “Monday Morning Madness”) that they “plan to release a closed beta of the open authentication protocol, OAuth this month”, which is good news for developers and users alike. Though Twitter is quick to note that OAuth wouldn’t have saved their hides in a phishing scam or hacking attempt, it “is something we can provide so that folks who use third party applications built on the Twitter API can access to their data while protecting their account credentials.”


Beware: Twitter and Facebook Phishing scam

The internet is all a twitter with talks about the latest phishing scam to hit popular sites like Facebook and Twitter. 

Twitter’s Get Satisfaction forum (their help pages) is quickly being filled with users pleading for help, saying they were recently phished.

Twitter has quickly jumped on the alert bandwagon, posting a message above Twitter feeds on the actual site Twitter.com reading:

However, their main blog, as of 5:50pm PT on January 3rd, remained free of any additional information, though their status blog did have a brief update. In addition, users who don’t access Twitter through Twitter.com and instead use popular third-party sites like TweetDeck or their iPhone might not see the message and must instead rely on their friends to retweet the warning.

CNET reports that the phishing scam mimics the recent Facebook Koobface virus:

 Direct messages (DMs) are showing up in Twitter accounts with appealing come-ons to visit a site on blogspot.com. The text is, “hey! check out this funny blog about you…” The URL in the message then redirects to a page that looks like the Twitter login page, but is actually not on Twitter–it’s a site, twitter.access-logins.com, that masquerades as Twitter to steal your login credentials instead.

Recent reports also note that Facebook is being spoofed in a similar login manner, so users’ best bet is to check the URL for authenticity before clicking on any links in DMs. If it isn’t a pure Twitter.com URL, don’t provide your login credentials.
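The "pure Twitter.com URL" check above, written out as an added example (not code from the original post or from Twitter). It shows why twitter.access-logins.com passes a glance at the brand name but fails once the host is parsed. The function names, the `TRUSTED` constant and the sample links are assumptions made for illustration; only the hostname twitter.access-logins.com comes from the CNET quote.

```javascript
// Added example, not code from the original post.
// TRUSTED is an assumption: the only site allowed to receive the password.
const TRUSTED = "twitter.com";

// What a hurried reader does: look for the brand name anywhere in the link.
function naiveCheck(link) {
  return link.toLowerCase().includes("twitter");
}

// Parse the link and compare the host on DNS label boundaries.
function isTwitterLogin(link) {
  let url;
  try {
    url = new URL(link); // WHATWG parser, the same rules browsers apply
  } catch (err) {
    return false; // relative or malformed link: nothing to trust
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return false;
  // Anything before "@" is userinfo, not the host; refuse it outright.
  if (url.username !== "" || url.password !== "") return false;
  // hostname is already lower-cased; drop a trailing root dot.
  const host = url.hostname.replace(/\.$/, "");
  // Exact match, or a subdomain: the suffix must begin at a dot.
  return host === TRUSTED || host.endsWith("." + TRUSTED);
}

// Constructed sample links (paths are made up for the demonstration).
const samples = [
  "https://twitter.com/login",
  "http://twitter.access-logins.com/login", // "twitter" is only a subdomain label
  "http://twitter.com.example.net/login",   // real name used as a prefix
  "http://twitter.com@example.net/login",   // real name hidden in userinfo
  "https://TWITTER.com./login",             // case and root dot still match
];

function report() {
  return samples.map((s) => ({ link: s, naive: naiveCheck(s), parsed: isTwitterLogin(s) }));
}

for (const row of report()) {
  console.log(row.parsed ? "OK   " : "BLOCK", row.link, "(naive check: " + row.naive + ")");
}
```

Every sample passes the naive check, while only the first and last pass the parsed one.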

As far as the “Tweet alert system” goes, I’d say this would make a great case for Twitter to strong-arm their users and pull a MySpace– compelling users to receive messages or Tweets from “Tom” — aka Evan Williams in Twitter’s case, anytime there’s a potential security threat. This would surely assuage many users who are “frantic” with the sheer thought of identity theft.