Twitter’s Security Hole Lets Hackers Steal User Accounts

Monday, October 1, 2012

Before his account was hacked, Jones held the Twitter handle @blanket. Last Saturday, he received a notification from Twitter customer service that his password had been reset. Jones initially wasn’t able to log on to Twitter from his computer, but once he managed to log back in, he found that his username had been changed to @FuckMyAssHoleLO and that someone else now owned his original handle, @blanket, BuzzFeed notes.

After looking around on the web, Jones found @blanket listed on a community site, ForumKorner, where users buy and sell usernames for online games and, occasionally, illegally obtained Twitter accounts.

Jones, who now uses the handle @originalblanket, confronted a hacker who probably had links to the one who hijacked his account. He was told that although Twitter, like most other sites, uses a CAPTCHA system to deter password guessing after a few failed attempts, the micro-blogging site’s system was weaker than those used by YouTube and Google. “Twitter apparently only prevents large numbers of login attempts from the same IP address,” the hacker told Jones. This means “hackers – or crackers, as they would call themselves – can try to log in as many times as they want, so long as the login attempts appear to be coming from different computers.”

A hacker’s word can’t be taken as final when it comes to the security of a site like Twitter, but if it does turn out to be true, it is a security hole that shouldn’t have been present in the first place.
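The gap described above, throttling keyed only on source IP, can be shown with a small replay. This is an added example, not Twitter's code and not from the original article; the `LoginThrottle` class, the limit of 5 failures, the 15-minute window and the sample events are all assumptions made for illustration.

```python
from collections import defaultdict, deque

class LoginThrottle:
    """Sliding-window count of failed logins, per source IP and per account."""

    def __init__(self, limit=5, window=900):
        self.limit = limit      # failures tolerated before a challenge (assumed value)
        self.window = window    # look-back period in seconds (assumed value)
        self._by_ip = defaultdict(deque)
        self._by_account = defaultdict(deque)

    def _recent(self, bucket, now):
        # Discard timestamps that fell out of the window; return what is left.
        while bucket and now - bucket[0] > self.window:
            bucket.popleft()
        return len(bucket)

    def needs_challenge(self, ip, account, now, per_account=True):
        """True when the next attempt should face a CAPTCHA or step-up check."""
        if self._recent(self._by_ip[ip], now) >= self.limit:
            return True
        # Counting per target account catches guesses spread over many addresses.
        return per_account and self._recent(self._by_account[account.lower()], now) >= self.limit

    def record_failure(self, ip, account, now):
        self._by_ip[ip].append(now)
        self._by_account[account.lower()].append(now)


def challenged_attempts(events, per_account):
    """Replay (time, ip, account) failed logins; count how many were challenged."""
    throttle = LoginThrottle()
    challenged = 0
    for now, ip, account in events:
        if throttle.needs_challenge(ip, account, now, per_account):
            challenged += 1
        throttle.record_failure(ip, account, now)  # simplification: every replayed event is a failure
    return challenged


# Constructed sample: 40 failed logins to one account, each from a different
# address in the 203.0.113.0/24 documentation range, ten seconds apart.
SAMPLE = [(i * 10, f"203.0.113.{i + 1}", "example_user") for i in range(40)]

if __name__ == "__main__":
    print("IP-only throttle challenged:", challenged_attempts(SAMPLE, per_account=False))
    print("IP + account throttle challenged:", challenged_attempts(SAMPLE, per_account=True))
```

A per-account counter should trigger a CAPTCHA or similar step-up check rather than a hard lockout, since a hard lockout would let anyone block the legitimate owner by failing logins on purpose.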

 

Find Jones’ conversation with the hacker here.