Phishing Ploy Forces Twitter to Reset Passwords

The microblogging site has reset some Twitter users' passwords after a phishing attack attempted to steal their login information.



Twitter on Tuesday said it had to reset passwords for "a small number of accounts" after the microblogging site was targeted by a phishing attack.

The site said that attackers had attempted to steal the login information of users who had used their Twitter username and password to sign up for an untrusted third-party application. Officials didn't disclose just how many accounts had their passwords changed, saying only that the third-party application had used the login information to post tweets to their accounts.

"As part of Twitter's ongoing security efforts, we reset passwords for a small number of accounts that we believe may have been compromised offsite," Twitter said in a statement. "While we're still investigating and ensuring that the appropriate parties are notified, we do believe that the steps we've taken should ensure user safety."

Being able to rapidly share information, links, photos and videos is a big part of Twitter's allure. But the popularity of social networks has long made them a prime target for online criminals.

"Social networks are large, successful targets because phishers exploit the trust the recipients have in their own social networks," Jamie Tomasello, abuse operations manager at security software maker Cloudmark, said in an e-mail to InternetNews.com. "The phisher also takes advantage of our natural curiosity to look at links in messages with sensational subject lines and our immediate desire to react to a warning message."

"Users receiving these types of messages should pause before responding, verify the sender, and ultimately go to the site directly instead of clicking on the link in the message," she added.

Additionally, many users are simply not careful enough in safeguarding their login information. Third-party sites such as twitpic.com, TweetDeck and twhirl require users to input their Twitter login information, but security experts say the practice of reusing usernames and passwords on multiple sites can lead to security breakdowns.

This isn't the first time Twitter has been targeted by hackers. In August, a denial-of-service attack perpetrated by a botnet delivered a flood of traffic that temporarily disabled Twitter and slowed Facebook and other services.

Twitter officials this week were quick to point out that the site hadn't been the source of a data breach and advised users to continue checking for updates on the situation at Twitter feeds @safety and @spam throughout the day.

Additionally, some users are receiving e-mails from Twitter recommending that they create a new password by following a provided link or by logging in directly at twitter.com.

Larry Barrett is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.

Tags: Facebook, security, Twitter, cyber security, phishing
