Welcome to WebmasterWorld Guest from 54.167.83.224

Forum Moderators: not2easy & rumbas

Message Too Old, No Replies

Hackers May Have 250,000 Twitter Accounts Usernames and Passwords

     
9:10 am on Feb 2, 2013 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:22282
votes: 236


As you may have read, there’s been a recent uptick in large-scale security attacks aimed at U.S. technology and media companies. Within the last two weeks, the New York Times and Wall Street Journal have chronicled breaches of their systems, and Apple and Mozilla have turned off Java by default in their browsers.

This week, we detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data. We discovered one live attack and were able to shut it down in process moments later. However, our investigation has thus far indicated that the attackers may have had access to limited user information – usernames, email addresses, session tokens and encrypted/salted versions of passwords – for approximately 250,000 users.Hackers May Have 250,000 Twitter Accounts Usernames and Passwords [blog.twitter.com]
10:59 am on Feb 2, 2013 (gmt 0)

Full Member

10+ Year Member

joined:Jan 5, 2003
posts:202
votes: 0


The hackers must have seen that Twitter is nearing $10 billion in value and wanted to get in on the action.
10:27 pm on Feb 2, 2013 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:22282
votes: 236


They are hoping to find links (passwords and logins ) to other important services
10:37 pm on Feb 2, 2013 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:May 31, 2006
posts:1207
votes: 7


I thought my Twitter account was hacked about 4 months ago and I changed my password to something I can't even remember. Now I'm glad I did that, as I don't use that password anywhere else. I wrote that password down... now that I'm thinking about it, I'm going to go change my facebook password to something crazy too, it's not a very strong password at the moment :-)
10:45 pm on Feb 2, 2013 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Jan 28, 2003
posts:1977
votes: 0


If twitter would use two step authentication like google does we wouldn't have issues like this,,,at least not as often.
11:44 pm on Feb 2, 2013 (gmt 0)

Full Member

10+ Year Member

joined:Jan 5, 2003
posts:202
votes: 0


I changed my password to something I can't even remember. Now I'm glad I did that, as I don't use that password anywhere else.


Yes, that's the important takeaway from this. Sadly, we almost have to assume a certain percentage of our passwords being compromised.
7:50 am on Feb 3, 2013 (gmt 0)

Senior Member

WebmasterWorld Senior Member sgt_kickaxe is a WebmasterWorld Top Contributor of All Time 5+ Year Member

joined:Apr 14, 2010
posts:3169
votes: 0


I've known Twitter wasn't secure for over two years now. How? Because I have a barely used account and about once a month I was seeing someone add themselves to my follow list, even though I never followed them. Every single time it happened their profile would show the little lock symbol so that anyone else following me could not see them.

I contacted twitter about it, no response.
8:30 am on Feb 3, 2013 (gmt 0)

Administrator from US 

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 25, 2005
posts:14622
votes: 85


've known Twitter wasn't secure...


Just because bots follow you doesn't make twitter insecure, it makes it spammy.
8:12 am on Feb 4, 2013 (gmt 0)

Full Member

10+ Year Member

joined:June 29, 2005
posts:216
votes: 0


If twitter would use two step authentication like google does we wouldn't have issues like this,,,at least not as often

Hardly. Your Twitter account isn't the important thing here. What is important, as was mentioned above, is that many/most people use the same credentials for multiple services. If hackers get a password for any given user, chances are that password is also used for other things (email accounts, e-commerce accounts, bank accounts, etc).

However, reading the article itself suggests that users were not the actual target here, but the organisation. In which case, 2-step wouldn't have made a blind bit of difference either.
12:28 pm on Feb 4, 2013 (gmt 0)

Preferred Member

10+ Year Member

joined:Feb 25, 2003
posts: 418
votes: 0


The list of usernames and passwords is yet to appear on any of the torrent sites or the file download sites, basically the usual suspect places where stolen data is posted by the thieves.

Would be nice to see how many of the 250K users were using "password" as their password assuming that the hackers will succeed in decrypting the passwords.
6:28 pm on Feb 4, 2013 (gmt 0)

Junior Member from US 

5+ Year Member

joined:Apr 11, 2006
posts:178
votes: 7


I guess this is further confirmation that maddeningly slow sites don't necessarily equal secure sites. Even my bank's site is much faster.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members