Twitter Password Reset Prompt Was Excess of Caution
By Adam Dickter / Enterprise Security Today
Published: November 10, 2012
It's hard to imagine something worse than a nefarious hacker taking hold of your Twitter account, potentially sending out dozens of embarrassing or harmful Tweets in your name.

So when millions of Twitter users got emails this week warning them to change their passwords to keep their accounts from being compromised, most probably did so faster than you can say hashtag or microblog.

But it turns out that in most cases the warning was unnecessary.

'Our Bad'

Twitter on Thursday fessed up to a case of password overkill, announcing on its Status page that fewer accounts than it first assumed were suspected of being compromised.

"We're committed to keeping Twitter a safe and open community," Twitter said. "As part of that commitment, in instances when we believe an account may have been compromised, we reset the password and send an email letting the account owner know this has happened along with information about creating a new password. This is a routine part of our processes to protect our users.

"In this case, we unintentionally reset passwords of a larger number of accounts, beyond those that we believed to have been compromised. We apologize for any inconvenience or confusion this may have caused."

No explanation was given for the initial concern about the passwords or how many people were actually affected. A Twitter spokesman did not respond to our request for information in time for publication.

Security experts recommend changing passwords routinely, even when not prompted, to avoid having accounts hacked.

And users of any popular email or social media service should always double check whether "change your password" or "verify your account" prompts are legit.

Hover First

One common example of phishing -- the term that describes hackers' attempts to trick you into revealing passwords and other data -- is a fake email from PayPal threatening to limit the recipient's account privileges unless he or she clicks on a link in the message.

"You don't tell where a Web site goes by clicking on it," warns cyber security expert Graham Cluley of Sophos. "After all, you could be taken to a Web site that hosts malware or an exploit, which could -- afterwards -- take you to the real site."

Cluley suggests users hover their mouse cursor over the link to see the destination shown in the pop-up.

"Even then, hackers could compromise a vulnerable Web site so that clicking on a link to a legit Web site ends up taking you to a dangerous page," he adds.

Cluley suggests a bit of homework before you respond to an "out-of-the-blue" reset-password email when there was no prior sign of trouble, such as unauthorized use.

© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.