3 Ways a Twitter Hack Can Hurt You
As Twitter investigates how several high-profile accounts were attacked, security expert Graham Cluley points to the potentials risks to all users when a system is compromised
By Joan Goodchild , Senior Editor
January 06, 2009 — CSO —
Just days after popular social networking tool Twitter was hit with a phishing scam, the company is now trying to clean up a mess surrounding a separate hacking attack.
Over the weekend, some Twitter users received tweets (as Twitter messages are called) inviting them to visit certain sites or blogs. The URL in the message redirected users to a bogus login page in an attempt to steal login credentials for a phishing scheme. Monday, things got worse as Twitter officials revealed several high profile accounts, such as those of Britney Spears and Barack Obama, were hacked.
"It appears someone gained access to the tools Twitter uses to control its millions of accounts," explained Graham Cluley, a senior technology consultant at security firm Sophos PLC. "Internal tools used by the tech support team were compromised. It's not clear if it was an inside job, or outside hacker. Twitter does say they think it was an individual."
The hack, according to Cluley, is much more serious than the earlier phishing attack because it was compromise of the system that potentially exposed all Twitter users to the following dangers.
Fraudalent password use
If you gain access to someone's Twitter account, you might be able to gain access to their password, said Cluley.
"We know that 41 percent of people admit to using the same password on every web site and account that they access," he said. (See How to Write Good Passwords for advice on creating a set of passwords that are memorable but not identical.)
Hackers, while gaining access to something seemingly simply like a username and password to a non-critical account, may very well be able to use the information to gain access to more important information, such as your bank account.
Twitter officials said 33 accounts had been attacked in the latest hack, including high-profile users such as Britney Spears and Barack Obama. The hackers used their temporary access to send offensive messages. CNN journalist Rick Sanchez found his account had been hacked with a message that read "i am high on crack right now might not be coming to work today."
The damage could have been much worse, said Cluley, if the hacker had decided to take a different approach.
"Imagine if instead, in the case of Britney Spears account for example, that the hacker had posted a link that said: 'Here's my new video. Click on this link.' Imagine how many people would have clicked on that and it could have pointed to malware? And Barack Obama is one of the most followed people on Twitter. If he said: 'I've just made a new speech. Check it out.' a lot of people would click on that link and get infected."