(WEB HOST INDUSTRY REVIEW) — Social networking site Twitter (www.twitter.com) warned users Monday that phishers are directing users to fake Twitter login pages in an effort to dupe them into handing over their user names and password credentials, according to reports by various sites, including blogger Chris Pirillo and The Washington Post’s Security Fix.
This is the latest incident involving phishing attacks on social networking sites. In January 2007, phishers gathered a large quantity of data via a spoofed Myspace login page.
This past weekend, reports of a phishing scheme directing users to a fraudulent log-in page began to surface. Phishers have since then been using compromised Twitter accounts to try to trick users into offering their log-in credentials in exchange for an Apple iPhone.
Twitter reported on its blog that in an unrelated incident, 33 Twitter accounts, including those belonging to President-Elect Barack Obama, Britney Spears, Rick Sanchez, FoxNews, Facebook, and Huffington Post, were all recently hacked.
The company explains in the blog post that the hacking of the 33 accounts differ from the phishing scams directed at Twitter users in that “these accounts were compromised by an individual who hacked into some of the tools [Twitter's] support team uses to help people do things like edit the email address associated with their Twitter account when they can’t remember or get stuck.”
The hack was discovered Monday, but the social networking site said the affected users have now regained complete control of their accounts.
Security software firm Symantec issued this warning on its blog to Twitter users:
If you suspect you’ve already been victimized by this scam, change your Twitter account password immediately. If you have any trouble with this, you can contact the Twitter support team for assistance.
Meanwhile, Twitter revealed on its blog that it is actively reviewing the security levels of all access points to its service, as well as increasing the security of its login mechanism and further restricting access to its support tools.
No related posts.
