Security Flaws Allowing Hackers to Brute Force Twitter Passwords
A security flaw has been discovered in popular micro blogging site 'Twitter' which is allowing an malicious attack to brute force user's passwords. On Saturday, multimedia producer and Twitter user Daniel Dennis Jones (@blanket) received a notification that his Twitter password had been reset. This alone would have been cause for concern; at the very least, it would mean that someone had tried and failed to access his account. He quickly found out that the problem was much worse than he expected. He was eventually able to log back into the account, but found that his username had been changed to @FuckMyAssHoleLO , and that @blanket was now operated by someone else. His account, in other words, had clearly been hacked. After seeing the above scenario it is very clear that - Twitter's password reset process allows hackers to attempt a more wide-ranging brute force approach to breaking into accounts than other services with more restrictive systems. Both Apple and Amazon
quickly closed the loopholes that led to Honan's hack, but Twitter
accounts (the ultimate prize Honan's hackers were after) remain
surprisingly vulnerable to unsophisticated hacking efforts. That
vulnerability was on display this past weekend as a desirable group of
"OG" Twitter handles the short, memorable, one-word names that got
snapped up when the service launched were brute-force hacked by a
group of kids looking to make a little cash and impress their friends.
Daniel Jones is not the only victim of this recently discovered vulnerability, many other people around the globe also fallen victim of this security hole. After a day of research, Jones "got to the bottom of a little ring of
kids who crack passwords to gain access to handles" - he found a number
of other short, memorable handles like @hah, @captain, and @craves had
also been hacked. Judging from the conversations he saw over Twitter,
these hackers were not sophisticated social engineers, but just a group
of teenagers trying to sell the names they had collected. Eventually, Jones had a long Skype conversation
with a 14-year-old hacker who goes by Mason he wasn't the one who
stole @blanket from Jones, but he was part of the young crew grabbing
and selling these desirable names.
Of course, Twitter's security regimen is probably not all that different from that of many other sites. According to Jeremiah Grossman, CTO and co-founder of Whitehat Security, the attack that victimized Jones was "very, very common....Perhaps Twitter could have a bit stronger and more comprehensive approach to dealing with brute force attacks, but they can really only take it so far before annoying their users."
We personally think that, after this case twitter should implement two step authentication, like Google to prevent its user getting compromised.
-Source (Buzz Feed & CNET)
LINK TO OUR HOME PAGE :
Voice Of GREYHAT is a non-profit Organization propagating news specifically related with Cyber security threats, Hacking threads and issues from all over the spectrum. The news provided by us on this site is gathered from various Re-Sources. if any person have some FAQ's in their mind they can Contact Us. Also you can read our Privacy Policy for more info.
Thank You !
-Team VOGH
If you enjoyed VOGH News, Articles Then Do Make sure you to Subscribe Our RSS feed. Stay Tuned with VOGH and get Updated about Cyber Security News, Hacking Threads and Lots More. All our Articles and Updates will directly be sent to Your Inbox. Thank You!
-Team VOGH
Categories:
Brute Force
,
Hacked
,
Hacker
,
passwords
,
security-news
,
Social Network
,
Twitter
,
Twitter hacking
,
vulnerablity
