Twitter is once again in the spotlight for security issues on the popular micro-blogging platform. Late Friday, 750 Twitter accounts were compromised and used to propagate malicious links that led to porn and, via embedded JavaScript, installed porn-related advertisements on the visitor's system.
Twitter hit by account hijacking attack - 750 accounts confirmed compromised (IMG: Twitter)
“Today we discovered about 750 Twitter accounts were broken into and had a link to a webcam site posted on the accounts. It appears other sites and services have been affected by a similar attack. We reset the passwords of the compromised accounts and removed the spammy updates. Our safety team is currently investigating the attack,” was the message posted on the Twitter blog Friday.
As of this morning, the exact cause is not known, although several plausible theories have been offered.
“The most likely vector of this attack is probably via one of the numerous 3rd party Twitter services that ask for your username and password in order to provide additional functionality (statistics, alerts, etc),” wrote Ben Metcalfe, whose account was among those caught up in the spam run.
“It’s unlikely that any reputable service would have done this intentionally, but very likely someone was able to maliciously gain access to their database and steal all of the twitter username/passwords,” he added.
In the past, Twitter was vulnerable to account hijacking after an employee used a weak password on the backend systems that handle access and controls. In that instance, long since fixed, Twitter had no lockout in place for failed password attempts, so the attacker simply kept guessing passwords until one worked.
Last month, it was discovered that Twitter was vulnerable to Clickjacking, leading to automatic posts to accounts. The Clickjacking vulnerability was fixed, twice, but that doesn’t mean that all of the bugs are out of the system.
Trend Micro’s Rik Ferguson posted about the attack and the method used to install the porn-related ads on the system. In his post, he noted that the same attack, using the same Web site, chatwebcamfree, was seen on Facebook in February.
If your account was one of the 750 that suddenly started spewing spam, Twitter has removed the messages and suggests you change your password. As always, never reuse the passwords from social networking sites for sensitive Internet services such as banking or Webmail.
Update:
There is another side to this story as well. Christophe Veltsos, Dr. InfoSec to most of us, wrote to remind everyone about an important fact. “Old tweets never die.”
“While Twitter officials said they removed the "spammy" posts, a twitter search revealed that old tweets never die. It appears the Twitter search engine ignores deleted posts and happily displays valid & deleted posts for all to see,” he said.
“To prove the theory, I decided to tweet and quickly delete the following: ‘This message has been deleted and should NOT show up in Twitter search.’ If you search for it on Twitter search, and possibly other third-party search tools, it will show up,” the good Doctor added.
“This behavior exposes people's mistakes, and in the case of this recent attack, continues to paint a virtual target on their backs by revealing who fell for the scam in the first place.”
The Tech Herald: Twitter’s Clickjacking fix broken – then quickly fixed again
The Tech Herald: Twitter account hijackings raise concerns over account protection