Tweetie Pie Panic Revisited

Update: Graham Cluley issued a blog post a couple of days ago suggesting that so far, at least some of the phishes described in our earlier blog about Twitter phishing have been used for old-style defacement purposes rather than out-and-out fraud. (I suspect, though, that now this latest phishing genie is out of the bottle, there will be fraud…)

There has been a further development though: in a further blog, Twitter reported that the 33 compromised accounts owned by Britney Spears, Barack Obama, Rich Sanchez et al. were subject to a hacking attack, nothing to do with the phishing attacks reported below.

There have been unkind words on some specialist lists about Twitter’s competence: all I can say is that, for an organization that seems to be having a pretty bad year so far, they are making a serious effort to acknowledge and address their security problems, and deserve credit for it.

David Harley

Author David Harley, ESET

  • I’m not so sure the unkind words are not well-earned. An admin with “happiness” for a password? Dictionary attacks unthrottled?

  • Interesting. Thanks.

    I take your point, but I still think Twitter deserve some credit for taking some responsibility for the issue and trying to fix it.

    Actually, I’d kind of like to hear Twitter’s version of the GMZ story. I don’t really subscribe to the “everything a teen hacker says must be true” mindset that prevails in the media.

    Here’s what Twitter say they’re doing.

    “We are engaged in a full security review of all access points to Twitter. In the meantime, we are taking immediate action. First, we are increasing the security of our sign-in mechanism. For added security, we are further restricting access to our support tools. Events like this will happen from time to time to services like ours and it’s important how we conduct ourselves and that we take this as an opportunity to make Twitter stronger.”

    That might be so much spin. But it -sounds- like the right thing to say, and they’re actually discussing the issues that other people are raising, not just saying “we’re taking steps…”

  • Did the Twitter Admin change his password to “sadness” after he was hacked? haha… ok not funny

  • Unkind, but not unfunny. :)
