Security flaw allows hackers to steal Twitter accounts and sell them

Oct 1, 2012

Security flaws are nothing new, and the past few months have been a time of many security breaches and hacks into big company names. So, when you hear about a security flaw that's been discovered on Twitter, it's certainly alarming, but most people aren't surprised by it. However, this story about one Twitter user is about as interesting as it gets.

Over the weekend, multimedia producer and Twitter user Daniel Dennis Jones (@blanket) received an email saying that his Twitter password had been changed. He quickly found out that he was not able to log into his account, but was still able to access it on his phone. To his surprise, his tweet and follow counts were at zero.

Jones was eventually able to log into the account, but found that his username was changed to @FuckMyAssHoleLO, with the name of the account being "Cracked by n0rth". His Twitter profile was now being operated by someone else and was even put up for sale on an online message board called ForumKorner, a place where people buy and sell usernames for online gaming. The forum included other hacked single-word usernames that were inevitably created in Twitter's early days and are now hard to get. The selling prices for these usernames are surprisingly low: most sell for under $100.

So how are these hackers able to break into Twitter accounts so easily? It turns out that Twitter limits large numbers of login attempts only by IP address, rather than on a per-account basis. So, the hackers simply use a program that constantly attempts to log in with different common passwords, switching to a different IP address after every several attempts.
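The per-IP versus per-account difference described above, shown as an added example that is not from the original article or from Twitter's code: a sliding-window throttle replayed over a constructed series of failed logins spread across source IPs. The class names, the limits (5 failures per 15 minutes) and the sample account are assumptions.

```python
from collections import defaultdict, deque

class FailureWindow:
    """Sliding-window count of failed logins, keyed by an arbitrary string."""
    def __init__(self, limit, window_s):
        self.limit, self.window_s = limit, window_s
        self.events = defaultdict(deque)

    def blocked(self, key, now):
        q = self.events[key]
        while q and now - q[0] >= self.window_s:  # drop failures older than the window
            q.popleft()
        return len(q) >= self.limit

    def record(self, key, now):
        self.events[key].append(now)

class LoginThrottle:
    """Per-IP limit always applies; the per-account limit is the missing control."""
    def __init__(self, per_account, ip_limit=5, acct_limit=5, window_s=900):
        self.by_ip = FailureWindow(ip_limit, window_s)
        self.by_acct = FailureWindow(acct_limit, window_s) if per_account else None

    def attempt(self, account, ip, now, password_ok):
        """Return 'blocked', 'ok' or 'fail' for one login attempt."""
        acct = account.lower()  # usernames compared case-insensitively (assumption)
        if self.by_ip.blocked(ip, now) or (
                self.by_acct is not None and self.by_acct.blocked(acct, now)):
            return "blocked"  # checked before the password, so a right guess is refused too
        if password_ok:
            return "ok"
        self.by_ip.record(ip, now)
        if self.by_acct is not None:
            self.by_acct.record(acct, now)
        return "fail"

def replay(throttle, attempts):
    """Feed (account, ip, t, password_ok) tuples through the throttle and tally results."""
    counts = {"ok": 0, "fail": 0, "blocked": 0}
    for account, ip, t, ok in attempts:
        counts[throttle.attempt(account, ip, t, ok)] += 1
    return counts

# Constructed sample: 40 failed logins on one account, one every 2 seconds,
# 4 per source IP (addresses from the 203.0.113.0/24 documentation range).
SAMPLE = [("example_user", f"203.0.113.{i // 4 + 1}", i * 2, False) for i in range(40)]
```

With only the per-IP limit, all 40 attempts in the sample reach the password check; with the per-account limit, 35 of them are refused. A hard per-account lock also lets anyone lock the owner out, so the same counter is often used to trigger a delay or a challenge instead.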

Obviously, changing your password to something more complex will definitely help to prevent this from happening to you. Even using a service like LastPass will help out a lot, but creating a long and random string of numbers and letters will do the trick. Just make sure you can remember it if you're logging into a computer that doesn't have your passwords saved.

We've heard other interesting stories of hacks and breaches in the past, like the iCloud fiasco that happened to technology writer Mat Honan, but this is about the most interesting Twitter hack we've seen yet. Hopefully all goes well for Jones and he gets his original username back. And hopefully Twitter responds to this security flaw and patches it up before even more usernames fall victim.

[via BuzzFeed]

