Twitter Phishing Attack Makes Users Change Passwords

Twitter is forcing some users to reset their passwords, following a possible attack on the micro-blogging site that could have compromised the security of some accounts.

In an email from site administrators, users were advised that “Due to concern that your account may have been compromised in a phishing attack that took place off-Twitter, your password was reset. Please create a new password by opening this link in your browser.”

The message goes on to advise users to choose a strong password that is different from the one used previously. “You should be extraordinarily suspicious of any third party that offers to artificially inflate your follower count,” it adds. “We do not endorse any of these sites.”

While some bloggers and tweeters have expressed concern that the email is itself a phishing attempt, further investigation has revealed that their Twitter passwords have indeed been reset, suggesting that the advisory message is genuine. However, as one blogger points out, “Twitter should not be getting its users used to emails providing a password changing link. This is surely the sort of email that phishers will love to clone.”

Twitter has been contacted for comment but did not reply before the time of publication.

Twitter has suffered from repeated security issues over the last few months, most recently on 17 December, when the DNS (Domain Name System) settings for Twitter.com were hijacked by hackers. For just over an hour, around 80 percent of the traffic from the site was redirected to a black background page showing a green flag and with a headline that read: “This Website Has Been Hacked by Iranian Cyber Army”.

It message went on to say: “U.S.A. Think They Controlling And Managing Internet By Their Access, But THey Don’t, We Control And Manage Internet By Our Power, So Do Not Try To Stimulation Iranian Peoples To… . NOW WHICH COUNTRY IN EMBARGO LIST? IRAN? USA? WE PUSH THEM IN EMBARGO LIST ;)”

Only yesterday security vendor Sophos published a survey highlighting the security risks of social networks such as Facebook, MySpace, Twitter and LinkedIn. The report found that, while just 21 percent of the respondents in the April survey said they or their colleagues had received malware via a social networking site, that percentage increased to more than a third in December.