Twitter: The Phishing Attacks Go On and On

Once again this morning, I awoke to find an email from Twitter telling me my account password had been reset because of its possible compromise in a phishing attack. For the third time in a week, I changed my password. At least this time, I found no evidence that phishing direct messages had been sent out under my name. But because I am testing a bunch of Twitter clients, changing a password is no trivial task.

My point, though, is not to complain about the inconvenience but about Twitter’s inability to get a grip on the problem. It’s not actually clear that they are trying very hard. The Twitter status blog hasn’t had an update on phishing since Feb. 24, and refers to an attack at least two rounds back. The @safety and @spam feeds are equally unhelpful.

Twitter seems on the cusp of turning itself into a real business. It’s readying plans to sell ads against tweet streams. But a cavalier attitude toward security could jeopardize everything they are trying to do and leave room for a competitor  (anyone at Google listening?) to move in on this still very immature market.

One Response to “Twitter: The Phishing Attacks Go On and On”

  1. Kent Backman Says:

    I got the same message. I don’t think there was a phishing attack involved in my account, since I haven’t logged into Twitter or given my Twitter password to anything, since I created my account nearly a year ago. I think that there was a Twitter admin account or API compromise.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: