HOME     MENU     SEARCH     NEWSLETTER    
THE ENTERPRISE SECURITY SUPERSITE. UPDATED 12 MINUTES AGO.
You are here: Home / Data Security / Twitter Hack Not Quite So Expensive
Twitter Password Reset Prompt Was Excess of Caution
Twitter Password Reset Prompt Was Excess of Caution
By Adam Dickter / Enterprise Security Today Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
NOVEMBER
10
2012

It's hard to imagine something worse than a nefarious hacker taking hold of your Twitter account, potentially sending out dozens of embarrassing or harmful Tweets in your name.

So when millions of Twitter users got emails this week warning them to change their passwords to keep their accounts from being compromised, most probably did so faster than you can say hashtag or microblog.

But it turns out that in most cases the warning was unnecessary.

'Our Bad'

Twitter on Thursday fessed up to a case of password overkill, announcing on its Status page that not as many accounts as they first assumed were suspected to be compromised.

"We're committed to keeping Twitter a safe and open community," Twitter said. "As part of that commitment, in instances when we believe an account may have been compromised, we reset the password and send an email letting the account owner know this has happened along with information about creating a new password. This is a routine part of our processes to protect our users.

"In this case, we unintentionally reset passwords of a larger number of accounts, beyond those that we believed to have been compromised. We apologize for any inconvenience or confusion this may have caused."

No explanation was given for the initial concern about the passwords or how many people were actually affected. A Twitter spokesman did not respond to our request for information in time for publication.

Security experts recommend changing passwords routinely, even when not prompted, to avoid having accounts hacked.

And users of any popular email or social media service should always double check whether "change your password" or "verify your account" prompts are legit.

Hover First

One common example of phishing -- the term that describes hackers' attempts to trick you into revealing passwords and other data -- is a fake email from PayPal threatening to limit the recipient's account privileges unless he or she clicks on a link in the message.

"You don't tell where a Web site goes by clicking on it," warns cyber security expert Graham Cluley of Sophos. "After all, you could be taken to a Web site that hosts malware or an exploit, which could -- afterwards -- take you to the real site."

Cluly suggests users hover their mouse cursor over the link to see where the pop-up tells you the destination will be.

"Even then, hackers could compromise a vulnerable Web site so that clicking on a link to a legit Web site ends up taking you to a dangerous page," he adds.

Cluley suggests a bit of homework before you respond to an "out-of-the-blue" reset-password email when there was no prior sign of trouble, such as unauthorized use.

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY INTEREST YOU
High Quality CRM Data: Prevent, detect and fix errors at the point of data entry for Dynamics CRM. Trillium Software helps you achieve an accurate, synchronized, single view of customers. It's time to trust your data. Take a product tour and read CRM Analyst opinions here.
MORE IN DATA SECURITY
Product Information and Resources for Technology You Can Use To Boost Your Business

NETWORK SECURITY SPOTLIGHT
The FBI is pointing the finger of blame for the Sony Pictures cyberattack directly at North Korea. The hackers stole confidential data and caused the movie giant to can its new comic film, "The Interview."

ENTERPRISE HARDWARE SPOTLIGHT
Almost half of consumer, industry and life sciences manufacturers are expected to be using 3D printers within three years and now 3D printing services are aiming to help companies experiment.

© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.