Twitter Gets Hacked - Blogosphere is Atwitter

By Peter Bernstein August 20, 2013

It is getting hard to keep up with breaking news these days in general, but even harder to stay on top of all of the online outages (Amazon, Google and Microsoft in just the past few days), data breaches and hack attacks. And this is without mentioning all the NSA scandal and ripple effect news. 

Thus, the fact that an Islamist cyber terrorist calling him or herself the “Mauritania Attacker” is out boasting to Indian security website Techworm of having hacked Twitter today, and has leaked account credentials (not passwords) of over 15,000 users, is not surprising – even though it is obviously disturbing. In fact, if you would like to see if your account was part of the “oauth_token secret codes” dump by this individual, check out Pastebin.com.  

What we know now

Here is what we know at the moment. Mauritania Attacker may be overstating the fact that he or she can get into the entire user database on Twitter and that no account is safe, but thus far the evidence is rather compelling that the hacker can cause some serious mischief. The reason is that OAuth2 goes directly to the increasing use of social media login information to access other apps. In other words, bad stuff can travel fast, and security experts are advising that all of us tweeters would be smart to revoke and re-establish access to connected third-party apps. In two words, “Darn it!”

The U.K.-based website The Register has a rather thorough story about the niceties of all of this replete with some colorful language by author John Leyden that is wonderfully British— “twit” and “miscreant” are two of my favorite words you don’t see often in tech articles. As Leyden notes, problems with OAuth tokens being vulnerable are not new. In fact, researchers have pointed out one set of problems, which may or may not have been employed in this current attack, several weeks ago, and Twitter has not responded with suggestions as to how to mitigate the problems. One suspects, or at least hopes, they now will be more forthcoming.

Another case where a little transparency would be helpful    

For those who have followed my coverage of the challenges online services of all types are having in reacting to what euphuistically I will call “service problems,” the common thread of the critique is a call for more transparency from the impacted vendor. Apologies are nice but it is like when your kids do something wrong and get caught and we tell them, “We know you are sorry, but what you seem to be most sorry about is getting caught, now change the behavior.”

 Here is what we in the press encounter when going to the Twitter corporate press site:

If you click on the @Twitter link, here was the view at 2:30 p.m. EDT.

Yes. You are reading this correctly, with over 22 million followers there is ZERO news.

But wait, it gets even better. Here is the page view a few minutes later from @twittercomms.

Again, your eyes are not deceiving you. The last posting about anything was on August 16.

Twitter has become in many ways the default for breaking news. Indeed, the breaking news about the gunfire heard at an Atlanta-area charter school that is unfolding as this is written is a great example, along with all of the traffic generated by things like the Boston Marathon bombing. It has also proven to be an invaluable tool for obtaining help, even when that term is broadly defined. This leads to two questions for Twitter:

  1. If the hacker can access our accounts, why didn’t Twitter send out an alert?
  2. Where is the advice on what to do regarding associations with third-party apps?

The sun has not yet set today, so it is too early to call this a true day of shame for Twitter. However, it is certainly shaping up to be one. As the refrain from the Peter Seeger’s folk music classic (made famous by Peter, Paul and Mary) “Where have all the flowers gone?” concludes, “Oh, when will they ever learn? Oh, when will they ever learn?”




Edited by Alisen Downey
SHARE THIS ARTICLE
Related Articles

CES 2018: Terabit Fiber - Closer Than We Think

By: Doug Mohney    1/17/2018

One of the biggest challenges for 5G and last mile 10 Gig deployments is not raw data speeds, but middle mile and core networks. The wireless industry…

Read More

10 Benefits of Drone-Based Asset Inspections

By: Frank Segarra    1/15/2018

Although a new and emerging technology, (which is still evolving), in early 2018, most companies are not aware of the possible benefits they can achie…

Read More

VR Could Change Entertainment Forever

By: Special Guest    1/11/2018

VR could change everything from how we play video games to how we interact with our friends and family. VR has the power to change how we consume all …

Read More

Making Connections - The Value of Data Correlation

By: Special Guest    1/5/2018

The app economy is upon us, and businesses of all stripes are moving to address it. In this age of digital transformation, businesses rely on applicat…

Read More

3 Ways to Improve Your VR Projects

By: Ellie Martin    1/4/2018

There is no denying that VR is here and will most likely only increase in velocity as a terminal speed is yet to be even hypothesized. That is why it …

Read More