Taking the Tweet out of Twitter

By hmu2 at 6:17 pm on January 7, 2009

According to a recent New York Times article, the popular “micro-blogging” site Twitter has been the victim of a series of recent hacking and phishing attacks. The article explains that 33 member accounts, most of them belonging to big names like President-elect Obama and Britney Spears, were hijacked by an attacker who gained access to Twitter’s support team tools. The attacker recovered email addresses and passwords associated with user accounts and posted obscene and inappropriate updates. Twitter users also became victims of phishing, receiving emails with links to “Free iPhones” that directed them to a spoofed Twitter login page.

This site has been steadily gaining popularity, which, the article states, may have been reason enough for an attacker to exploit the vulnerabilities in the support tools. Being a small but quickly growing company, Twitter also may not have had the funding or the time to put as much thought into the security of its tools as was necessary.

As the article did not state exactly where or what the vulnerability was, it is hard to say what sort of security measures Twitter could have used to prevent such attacks. Stronger authorization requirements for the support tools and more secure user authentication practices could probably have been used, but the very fast response time to these attacks is an indicator that Twitter does have security measures in place to quickly detect an attack. Both the limited number of accounts that were hijacked and the almost immediate removal of the faulty tool cast some positive light on an otherwise negative situation.
