NEWS - October 02, 2012
by Carol~ - 10/2/12 1:55 PM
Twitter Authentication Flaw Helps Crooks Take Over Popular Handles
From Bitdefender's "Hot for Security" Blog:
If you're one of the Twitter users with an overly appealing username, please change your password to something solid before finishing this story. According to a veteran Twitter user known as @blanket, an authentication flaw in the Twitter login system makes it extremely easy for cyber-criminals to brute-force your Twitter password without any limitation.
Twitter user Daniel Dennis Jones, also known as @blanket, felt the flaw when he received a notification from Twitter that his password had been successfully changed. When he attempted to log in to the micro-blogging platform with his credentials, he found his password had been abusively changed by an unknown user. To add insult to injury, his username had also been replaced with an obscene handle.
"Twitternames that would have high value due to brevity: @hah, @captain, @craves, @abound, @grinding, [were] all cracked/stolen," Jones wrote on his Twitter wall. The series of attacks against these handles appears to have a financial motivation, as these usernames were later pitched at selling for prices between $60 and 100. "By chasing tweets I find @blanket & others are being pimped at a site called forumkorner," Jones continued.
Continued: http://www.hotforsecurity.com/blog/twitter-authentication-flaw-helps-crooks-take-over-popular-handles-3710.html
Twitter Authentication Flaw Allows Hackers to Hijack User Accounts
Twitter account hijacking exposes easy-to-exploit security flaw