Twitter resets user passwords
Twitter has sent out emails to large numbers of users asking them to reset their passwords. The microblogging company states that this is due to unusual activity, a sudden increase in followers for certain accounts, which it believes to be the result of misuse of Twitter accounts. Unknown persons are suspected of gaining access to accounts using information culled from various torrent sites and associated forums. Users are assumed to have used user names and passwords for these sites which are the same as they use for Twitter. Twitter does not reveal how many accounts may be affected.
According to Twitter's status blog, initial analysis suggests that someone has, over a protracted period of time, been setting up torrent sites and selling them on to other operators – but these sites include back doors allowing the original site author to read confidential data, including access credentials, at a later date.
The findings of a recent study, "Reused Login Credentials", by security services provider Trusteer, show that 73% of bank customers use their online banking password on other websites. 47% even use both the same user name and the same password on other websites. The study was based on data collected from customers using Trusteer's Rapport software.
- Cracking attack on Twitter, a report from The H.
- Shutting Twitter backdoors, a report from The H.
- Twitter fails to block Cross Site Scripting flaw, a report from The H.