Twitter co-founder Biz Stone wrote on the site's blog that the accounts were compromised after a hacker accessed tools the support team uses when a Twitter user can't remember or wants to reset their login info. The attacks came after Twitter suffered a vicious phishing scam over the weekend, during which everyday Twitter users may have been tricked into logging on to a page masquerading as the Twitter front page, according to the site.
"We considered this a very serious breach of security and immediately took the support tools offline," Stone said in the blog post. "We'll put them back only when they're safe and secure."
According to Twitter:
This morning we discovered 33 Twitter accounts had been "hacked" including prominent Twitter-ers like Rick Sanchez and Barack Obama (who has not been Twittering since becoming the president elect due to transition issues). We immediately locked down the accounts and investigated the issue. Rick, Barack, and others are now back in control of their accounts.
The issue with these 33 accounts is different from the Phishing scam aimed at Twitter users this weekend. These accounts were compromised by an individual who hacked into some of the tools our support team uses to help people do things like edit the email address associated with their Twitter account when they can't remember or get stuck. We considered this a very serious breach of security and immediately took the support tools offline. We'll put them back only when they're safe and secure.
So, what's Twitter going to do about it?
We plan to release a closed beta of the open authentication protocol, OAuth this month but it's important to note that this would not have prevented a Phishing scam nor would it have prevented these accounts from being compromised. OAuth is something we can provide so that folks who use third party applications built on the Twitter API can access their data while protecting their account credentials.
Phishing can become dangerous when criminals get your account numbers.
The FDIC has created this webpage to inform and warn consumers about a type of fraud called “phishing.” The term "phishing" – as in fishing for confidential information – refers to a scam that encompasses fraudulently obtaining and using an individual's personal or financial information.
This is how it works:
- A consumer receives an e-mail which appears to originate from a financial institution, government agency, or other well-known/reputable entity.
- The message describes an urgent reason you must "verify" or "re-submit" personal or confidential information by clicking on a link embedded in the message.
- The provided link appears to be the Web site of the financial institution, government agency or other well-known/reputable entity, but in "phishing" scams, the Web site belongs to the fraudster/scammer.
- Once inside the fraudulent Web site, the consumer may be asked to provide Social Security numbers, account numbers, passwords or other information used to identify the consumer, such as the maiden name of the consumer's mother or the consumer's place of birth.
- When the consumer provides the information, those perpetrating the fraud can begin to access consumer accounts or assume the person's identity.
- If you want to sign in to an account, NEVER FOLLOW THE LINK FROM AN E-MAIL.
- Always go to the site directly from your saved bookmark or by typing in the address.
- Be aware of what is in your address bar before you start typing.