Twitter resets passwords due to phishing attack

Yesterday, Neowin reported on a press release from Sophos security that shows a significant rise in network attacks on Facebook and Twitter. This press release suggested that developers of social networks must take initiative to ensure the safety of their users. One day after this report was released, PC World reports that Twitter reset a number of user passwords after being exposed to a phishing attack.

Twitter said in a prepared statement, "As part of Twitter's ongoing security efforts, we reset passwords for a small number of accounts that we believe may have been compromised offsite. While we're still investigating and ensuring that the appropriate parties are notified, we do believe that the steps we've taken should ensure user safety."

Twitter said it took the security action citing a "combination of multiple bad acts." They believe that users were being compromised after being duped by an email scam from a third-party site which claimed to allow users to "get followers fast". They also suspect this third-party site could have allowed hackers to gain access to email addresses and passwords.

This is an important step that Twitter has taken, and it reflects what was reported yesterday. Additionally, Facebook did something similar a few weeks ago, making a deal with McAfee, even though it was not heavily publicized. Users need to keep in mind that privacy starts with the website and ends with the user. Users should know the necessary precautions when they browse the Internet and take the necessary steps to protect themselves.

7 Comments

"This press release suggested that developers of social networks must take initiative to ensure the safety of their users"

Yeah,
Like take these worthless sites down, would be a good action!!

As usual, another simple thing that can be easily avoided if people pay more attention to what they're doing instead of just going along with whatever it says on screen.

In general I think an easy way to avoid this stuff is if you don't see that SECURE icon in the browser then you plain and simply don't log in etc. But even just looking at the basic website it's taking you to, I am sure, can give away a lot of info if you're being scammed etc.

A while ago I got an email (credit card related) asking for some of my info and it looked pretty legit on the surface, but I could tell something was up when I started looking into the details on it, and sure enough it was a phishing attempt.

ThaCrip said,
As usual, another simple thing that can be easily avoided if people pay more attention to what they're doing instead of just going along with whatever it says on screen.

In general I think an easy way to avoid this stuff is if you don't see that SECURE icon in the browser then you plain and simply don't log in etc. But even just looking at the basic website it's taking you to, I am sure, can give away a lot of info if you're being scammed etc.

A while ago I got an email (credit card related) asking for some of my info and it looked pretty legit on the surface, but I could tell something was up when I started looking into the details on it, and sure enough it was a phishing attempt.

While I fully agree with you, so many people (not the ones on this site of course) do not KNOW what the secure lock means, or even that httpS is not the same as http. They know about encryption as a word because it's used on shows like CSI where they go "yeah this mafia guy encrypted his hard drive" but they never think that their web browser can encrypt the information they send or even WHERE it gets sent. It's one of those things that either they do not care or are not taught basic things to look for.

Most states now (if not all) require you to take a gun safety course before you can own or buy a gun, but the Internet on the other hand, anyone with a phone/computer etc. can use. No one teaches them what to look out for or how to protect themselves.

In short, the people do not KNOW to not log in to another site saying it's "twitter.com.hax0r.to" because it SAYS twitter.com in the URL. They just do not know any different.

That is the hardest part to some on the internet like young children and older adults who just see it as a tool and not a place where someone may do evil and try to harm them or use their information for personal gain.

I often wonder why Internet Security is not a basic introductory class which is taught to more people.
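
The host check discussed in the comments above, as an added example that is not part of the article or of any commenter's post: it classifies a login link by the host the browser will actually contact, matching the expected domain only on a label boundary, and then looks at the scheme. `EXPECTED_DOMAINS`, the function names and the sample links are assumptions constructed for the illustration.

```javascript
// Assumption: the sites the user actually intends to log in to.
const EXPECTED_DOMAINS = ["twitter.com"];

// True only when host is the domain itself or a real subdomain of it.
// The leading "." forces the match onto a label boundary.
function belongsTo(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

function classifyLoginUrl(link) {
  let url;
  try {
    url = new URL(link); // WHATWG parser: lower-cases and isolates the host
  } catch (err) {
    return { verdict: "invalid", host: null };
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") {
    return { verdict: "invalid", host: null };
  }
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot

  // Host first: a padlock on the wrong host proves nothing about who runs it.
  if (EXPECTED_DOMAINS.some((d) => belongsTo(host, d))) {
    return { verdict: url.protocol === "https:" ? "expected" : "expected-insecure", host };
  }
  // The expected name appears in the host, but the host is not under that domain.
  const imitated = EXPECTED_DOMAINS.some((d) => host.includes(d));
  return { verdict: imitated ? "lookalike" : "other", host };
}

// Constructed sample links; the fourth uses the host quoted in the comment above.
const SAMPLES = [
  "https://twitter.com/login",
  "https://mobile.twitter.com/session",
  "http://twitter.com/login",
  "http://twitter.com.hax0r.to/login",
  "https://nottwitter.com/login",
  "https://example.org/",
];

function report() {
  return SAMPLES.map((link) => classifyLoginUrl(link).verdict + "\t" + link);
}

console.log(report().join("\n"));
```
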

Holoshed said,
That is the hardest part to some on the internet like young children and older adults who just see it as a tool and not a place where someone may do evil and try to harm them or use their information for personal gain.

I often wonder why Internet Security is not a basic introductory class which is taught to more people.

Agreed!