Twitter Resetting Passwords Following Phishing Attack

This morning, many Twitter users found themselves effectively locked out of their accounts. Following a phishing attack, Twitter took the unprecedented measure of locking down several users' accounts and requiring them to reset their passwords. The owners of the accounts were sent messages that read, "Due to concern that your account may have been compromised in a phishing attack that took place off-Twitter, your password was reset."

According to The Next Web, unconfirmed reports from users claim that the attack is associated with @THCx, a service that purports to offer helpful tips and tutorials. The service has picked up 42,000 followers in recent days, but doesn't follow any accounts in return. It's suspected that the exploited flaw resides in NutshellMail, which lets users manage tweets in an e-mail-like fashion.

Update: It now appears highly unlikely that the exploited flaw, whatever it was, resides with NutshellMail, which uses OAuth to connect with Twitter accounts and therefore does not store login information. According to an update on the official Twitter Status blog, the team there believes the attack originated on forums for torrent sites. It's believed that the person or persons behind the attack have been creating torrent sites that require users to register, with the express intent of leveraging the collected e-mail addresses, usernames, and passwords to gain access to other services.

Last night's message from the Twitter crew ends with a piece of advice worth repeating: "You should be extraordinarily suspicious of any third party that offers to artificially inflate your follower count." [From: The Next Web]
