
Hey, remember this?
http://forums.theregister.co.uk/forum/1/2013/01/31/twitter_broken/#c_1713513
I bet they feel like twats now.
If you find that your Twitter password doesn't work the next time you try to login, you won't be alone. The service was busy resetting passwords and revoking cookies on Friday, following an online attack that may have leaked the account data of approximately 250,000 users. "This week, we detected unusual access patterns that …
What "critical" information could possibly be in someone's Twitter account? And if people are keeping critical information in Twitter or Facebook or whatnot, doesn't that really just speak volumes about their complete lack of common sense regarding security?
Isn't everything in a Twitter account out there for public view already anyway? What am I missing - I don't get why it matters if a Twitter account password is hacked. I guess someone could use the hacked account to do Twitter-spam with?? I'm totally confused on this one.
Maybe the point is to gather passwords for future use - if a similar hack gathers account info for another more important service and the miscreants can link any of the accounts (eg by name) to the same user then maybe the password will do for the second one?
Otherwise, I agree there doesn't seem to be any real point to it.
"Sending out 250K tweets with the same message could be effective."
Doubly so if there's a link to an attack or phishing site in those tweets. Twitter's insistence on re-short-linking URLs that are already short links puts paid to my Firefox addon that displays the original URL. Are there any capable of displaying the end result of 'nested' short links?
So, you're a Twitter user and you receive a link from someone who Follows You/You Follow. You are far more likely to click through to that link than if it (a) was an 'unknown' Tweeter or (b) email spam.
Next one - so, you're a dissident in Some Country (let's not name names) and you receive a DM from a colleague you trust...maybe asking you for contact info on other dissidents.
Etc.
Remember, Twitter claim to have reduced the number of compromised accounts through prompt action - the more they had, the greater the threat.
To thoughtlessly disparage the potential for serious impact implies to me you haven't thought this one through - have another go at this one (I know it's Saturday morning and all).
The Java vulnerability is key here.
It works by running a malicious script when a link is pressed in a compromised site.
Here's how it could work:
you see a tweet from someone you follow and trust "hey look at this"
you click on the link, go to the compromised site "press to enter site dialog box" which you click on.
the javascript runs in the background and your system is compromised.
A great way to build a botnet...
".... I'm not a political person, however in the past I have used Twitter to criticize the IDF..." Don't worry, most people that criticise the IDF also aren't political, they're just anti-Semitic. And it was Twatter, so no chance that anyone of import would have been paying attention anyway.
Rubbish. Most people that criticise the IDF don't like the US funding a terrorist state and their money being used to kill and commit genocide on Palestinians - you know, well documented policies such as white phosphorus being used widely on civilians, shelling families on beaches, leaving booby trap bombs where children are known to play, deliberately shooting children, that sort of thing...
False claims that objecting to such barbaric behaviour is in some way antisemitic is in fact a common defensive tactic of those that support these atrocities.
".....Most people that criticise the IDF don't like the US funding a terrorist state....." OK, so shall we look at your "reasoning"? Did you protest maybe because you think Israel "steals" land? In which case, did you give equal Twatter time to protesting China's occupation of Tibet? Or did you complain about the IDF killing Fakeistinian "freedom fighters"? Then I expect you also dissed Syria, Lebanon and Jordan? Oh, you did know all three have spent plenty of time hunting down and killing PLO and other groups that have tried to usurp their control? What a surprise - you didn't.
Of course, if you didn't give equal airtime to criticising anyone other than Israel, then I'd have to draw the conclusion that you are just a know-nothing member of the sheeple, being herded by the trendy protest-du-jour, or just an anti-Semite pretending to yourself you are not racist.
Argh. I was one of those accounts. I've taken Twitter potshots at Israel, Palestine, China and the US. I am, if nothing, an equal opportunities critic. I'm pretty certain the IDF has no interest in me at all, thanks.
I've pretty much disabled Java on my end, and was only using Twitter API clients when the password was reset.
I'm pretty certain that the hack, if it involved Java, must have happened on Twitter's end, which meant a few NoSQL shards were captured. How else would they get the salt and hashed passwords?
If you're a techie outfit, you need to be able to spell and use techie words properly.
"next time you try to login" < should be "LOG IN" not "LOGIN"
"the next time you login" < should be "LOG IN" not "LOGIN"
You can _have_ a login, because it's a noun. "Log in" is the verb.
You wouldn't say "I loginned" (would you?). Or "I am logining."