Twitter hack exposes log-in flaw

The Twitter hack has exposed a potential flaw in the company’s systems after it emerged that certain apps – including Tweetdeck – automatically log users in without the need to type in a password.
The company has urged the 250,000 users affected by last week’s security breach to reset their passwords, but changing a password does not cause Twitter’s own apps for iPad or iPhone 5 to prompt users for the new one. Instead, it remains possible to post tweets from both.
This is the second hack attack in three months. In November last year, thousands of Twitter users were warned that their accounts may have been hacked, although the company was accused of over-reacting by automatically changing passwords. The site has 200 million users.
Twitter spokesman Jim Prosser did not deny that users can continue to access the service even after passwords have been changed. In a statement he said: “TweetDeck and other clients use [open authentication standard] OAuth, so as long as you don’t sign out, you don’t have to re-input your credential every time you open the app.”
However, the web page Twitter published to detail the attack says, in part, that “as a precautionary security measure, we have reset passwords and revoked session tokens for these accounts”.
Reports of the attack first emerged at the weekend and, although no personal details such as credit cards are held by the social media site, experts have warned users to beware a spate of phishing emails.
Internet security specialist Graham Cluley said: “You have to be careful if you get hold of one of these emails because, of course, it could equally be a phishing attack – it could be someone pretending to be Twitter.
“So, log into the Twitter site as normal and try and log in to your account and, if there’s a problem, that’s when you actually have to try and reset your password.”
