Once again this morning, I awoke to find an email from Twitter telling me my account password had been reset because of its possible compromise in a phishing attack. For the third time in a week, I changed my password. At least this time, I found no evidence that phishing direct messages had been sent out under my name. But because I am testing a bunch of Twitter clients, changing a password is no trivial task.
My point, though, is not to complain about the inconvenience but about Twitter’s inability to get a grip on the problem. It’s not actually clear that they are trying very hard. The Twitter status blog hasn’t had an update on phishing since Feb. 24, and that update refers to an attack at least two rounds back. The @safety and @spam feeds are equally unhelpful.
Twitter seems on the cusp of turning itself into a real business. It’s readying plans to sell ads against tweet streams. But a cavalier attitude toward security could jeopardize everything they are trying to do and leave room for a competitor (anyone at Google listening?) to move in on this still very immature market.