Obama Twitter Account Hacked? Or Given Away?

By Todd | January 6, 2009

News today about Obama’s twitter account being hacked is kind of interesting because no one seems to want to discuss the possibility of user error, or user carelessness.

Obama, along with many other celebrities, has been reporting that their twitter accounts were hacked sometime yesterday and today. Is it just a coincidence that for the past two days twitter has been warning us of a phishing scam going on through direct messaging via twitter?

Here’s the deal, in case you haven’t already got the memo …

There’s been a phishing scam floating around twitter where people are getting direct messages (DM) via twitter telling them something interesting with a link in it. When you click the link it takes you to a site that looks just like the login page for twitter.

Now the idea is that the perpetrators are hoping that the user makes the false assumption that they’ve timed out on twitter and need to log back in. What they may not notice is the url in the browser address bar is NOT twitter.com, but some other url.

The user unknowingly proceeds to log in on the fake page and in doing so has given the crooks their login information.

This is a classic phishing scam and has been happening on twitter for a couple days. Twitter has been warning us about it but it seems some people are not listening. Not only has there been a warning right on the twitter screen, but it’s been on their blog front and center.

Now, back to the Obama hack. Is it a hack implying the twitter system has a hole in it or was this simply a case of carelessness on the part of the person maintaining the Obama twitter account?

No one will likely know for sure, but the coincidence of the twitter phishing scam and all these celebrities’ accounts being “hacked” certainly sounds phishy to me!

I say we call them what they are, phishing victims, and get on with it.

How to NOT Be a Phishing Victim

The reason phishing works so well is that the website doing the phishing looks exactly like the real website. If you’re not accustomed to looking at the url in your browser before logging into a site then you’re likely to become a victim someday.

One of the best ways to never have to worry about this again is to use a password manager that not only encrypts your passwords but also handles logging into websites for you.

For instance, the most widely used password manager is probably Roboform. Roboform thwarts phishing by only logging into websites after it’s verified the url is the correct one for the login you are trying to use.
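The URL check described above can be sketched as follows. This is an added example, not code from the original post and not Roboform's implementation; the vault layout, the function names `pageOrigin`, `credentialFor` and `report`, and every hostname are assumptions constructed for illustration.

```javascript
// Added illustration of origin-bound autofill; not Roboform's own code.
// The vault entry and every URL below are constructed sample data.

// Each saved login is keyed by the exact origin where it was stored.
const vault = [
  { origin: "https://twitter.com", username: "example_user", password: "constructed-sample-secret" },
];

// Return scheme + host + port for an HTTPS page, or null otherwise.
// The URL parser lowercases the host, drops default ports and separates
// any "user@" prefix from the host, so the comparison sees the real host.
function pageOrigin(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch (err) {
    return null; // unparseable input never gets a credential
  }
  if (url.protocol !== "https:") return null; // refuse plain HTTP
  return url.origin;
}

// Release a credential only on an exact origin match; a page that merely
// looks like the real one, or contains its name, gets nothing.
function credentialFor(rawUrl, entries = vault) {
  const origin = pageOrigin(rawUrl);
  if (origin === null) return null;
  return entries.find((e) => e.origin === origin) || null;
}

// Constructed pages: the genuine login page followed by lookalikes.
const samples = [
  "https://twitter.com/login",
  "https://TWITTER.com:443/login",
  "http://twitter.com/login",
  "https://twitter.com.login.example/login",
  "https://twitter.com@phish.example/login",
  "https://tvvitter.example/login",
];

function report(urls = samples) {
  return urls.map((u) => ({ url: u, fill: credentialFor(u) !== null }));
}

for (const row of report()) {
  console.log(row.fill ? "FILL  " : "REFUSE", row.url);
}
```

Only the first two sample pages receive the saved login; the rest differ in scheme or host and are refused, however convincing the page itself looks.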

Here’s another major plus to using a password manager … you’re more likely to use different passwords for different sites. This is huge. Think about it … how many different passwords do you have?

Most people use one of maybe 5 or 6 passwords and simply repeat them because they’re too much hassle to remember. Problem is, if you get compromised you’d better start changing your accounts all over the web because hackers and phishers know that once they have your username and password it’s probably good at dozens of sites around the web. What a pain in the a**.

Since Roboform manages all this password crap for you, you’re free to use different passwords without having to remember them all and in the end you’ll be much safer for it.

Not only is Roboform a faster way to surf, but a much safer way to surf as well.

As long as people continue not taking security seriously they will continue to be victims.

P.S. join me on twitter at https://twitter.com/talan604


2 Comments »

Comment by Michelle
2009-01-06 02:12:53

At first I agreed with you until it happened to me. I don’t follow many people on my cookscrafts twitter page. All I use it for is to post things happening in my shop. So I’ve never clicked on a link there and gave out my info. My account was “hacked” today not once but twice. Both times I was able to say “forgot password” and reset it, once to a 10 character password and then to a 26 character password.

Now I’m not saying it’s Twitter either. Most of us on twitter use 3rd party programs like twitteriffic or twirl to access twitter. The problem may be that one of those servers has been compromised.

In any event I hope it’s fixed soon, because it was a giant pain in the arse to type the 26 character password into my iphone’s twitter program. :(

Comment by Todd Alan
2009-01-06 09:56:15

Hi Michelle,

You make a very good point and it seems I may have jumped the gun a little ;)

I see on the twitter blog they’re also claiming there were two separate problems, one a phishing problem and one a hacking problem. http://blog.twitter.com/2009/01/monday-morning-madness.html

Having worked in IT for many years I’ve come to realize that a large majority of security issues usually revolve around people problems as opposed to technology being hacked in the real sense of the word hack.

In your case it could very well have been a third-party tool like you mentioned or, given twitter was reporting hacking issues as well as phishing issues, it could have been your account was hacked right at twitter.

I certainly feel your iphone pain though!

cheers,
todd

 
 