Establishing Digital Trust: Don't Sacrifice Security for Convenience
Users of the Twitter micro-blogging service are being warned to change their passwords after a round of phishing incidents hit thousands of Twitter users over the weekend. In addition, the company said in a blog post today that it discovered 33 Twitter accounts had been "hacked," including CNN's Rick Sanchez and President-elect Barack Obama.
"We immediately locked down the accounts and investigated the issue. Rick, Barack and others are now back in control of their accounts," Twitter said in a blog post today.
The weekend problem involved messages apparently directing some users to Web sites that contain malicious code, with messages looking like they were sent by real Twitter users.
In an apparent tie-in to Macworld, which is running in San Francisco through Thursday, one phish today offered users a chance to win an iPhone if they provide their user names and passwords.
On its blog, Twitter is advising users to look closely at URLs they receive in tweets before signing in. On Saturday, in a follow-up message, it told users to change their Twitter passwords if they think they need to.
A losing battle?
However, Twitter may be fighting a losing battle, according to Graham Cluley, senior technology consultant at security and antivirus vendor Sophos, who has been tracking the issue closely. "They've been doing a relatively good job of warning people, they've been trying to remove phishing messages from people's screens, but this is running away from them," Cluley told InternetNews.com.
Twitter co-founders Evan Williams, Biz Stone and lead engineer Alex Payne could not be reached for comment by press time.
The perils of tweeting
The Obama campaign account, which had not been used since election day, was hacked and used to send out an affiliate link to a survey, offering participants the chance to win $500 in gas money. Obama had made heavy use of Twitter throughout his campaign, and is the most followed person on the site according to Twitterholic.com, which provides statistics on the popularity of Twitter users.
"This is pretty embarrassing for organizations and corporate bodies trying to use Twitter to keep in touch with people," Sophos' Cluley said. "It's bad news for Twitter, which is trying to find a revenue stream."
Having been constantly dogged by questions about whether Twitter can survive and make money, CEO and co-founder Evan Williams said in December that the site was looking at getting revenue in the first quarter of this year. This most recent spate of phishing attacks may make it harder for the site to make money.
The problem will spread because several users have already provided their personal information to the phishers, Cluley warned.