Twitter Gets Hacked - Blogosphere is Atwitter

By

It is getting hard to keep up with breaking news these days in general, but even harder to stay on top of all of the online outages (Amazon, Google and Microsoft in just the past few days), data breaches and hack attacks. And this is without mentioning all the NSA scandal and ripple effect news. 

Thus, the fact that an Islamist cyber terrorist calling him or herself the “Mauritania Attacker” is out boasting to Indian security website Techworm of having hacked Twitter today, and has leaked account credentials (not passwords) of over 15,000 users, is not surprising – even though it is obviously disturbing. In fact, if you would like to see if your account was part of the “oauth_token secret codes” dump by this individual, check out Pastebin.com.  

What we know now

Here is what we know at the moment. Mauritania Attacker may be overstating the fact that he or she can get into the entire user database on Twitter and that no account is safe, but thus far the evidence is rather compelling that the hacker can cause some serious mischief. The reason is that OAuth2 goes directly to the increasing use of social media login information to access other apps. In other words, bad stuff can travel fast, and security experts are advising that all of us tweeters would be smart to revoke and re-establish access to connected third-party apps. In two words, “Darn it!”

The U.K.-based website The Register has a rather thorough story about the niceties of all of this replete with some colorful language by author John Leyden that is wonderfully British— “twit” and “miscreant” are two of my favorite words you don’t see often in tech articles. As Leyden notes, problems with OAuth tokens being vulnerable are not new. In fact, researchers have pointed out one set of problems, which may or may not have been employed in this current attack, several weeks ago, and Twitter has not responded with suggestions as to how to mitigate the problems. One suspects, or at least hopes, they now will be more forthcoming.

Another case where a little transparency would be helpful    

For those who have followed my coverage of the challenges online services of all types are having in reacting to what euphuistically I will call “service problems,” the common thread of the critique is a call for more transparency from the impacted vendor. Apologies are nice but it is like when your kids do something wrong and get caught and we tell them, “We know you are sorry, but what you seem to be most sorry about is getting caught, now change the behavior.”

 Here is what we in the press encounter when going to the Twitter corporate press site:

If you click on the @Twitter link, here was the view at 2:30 p.m. EDT.

Yes. You are reading this correctly, with over 22 million followers there is ZERO news.

But wait, it gets even better. Here is the page view a few minutes later from @twittercomms.

Again, your eyes are not deceiving you. The last posting about anything was on August 16.

Twitter has become in many ways the default for breaking news. Indeed, the breaking news about the gunfire heard at an Atlanta-area charter school that is unfolding as this is written is a great example, along with all of the traffic generated by things like the Boston Marathon bombing. It has also proven to be an invaluable tool for obtaining help, even when that term is broadly defined. This leads to two questions for Twitter:

  1. If the hacker can access our accounts, why didn’t Twitter send out an alert?
  2. Where is the advice on what to do regarding associations with third-party apps?

The sun has not yet set today, so it is too early to call this a true day of shame for Twitter. However, it is certainly shaping up to be one. As the refrain from the Peter Seeger’s folk music classic (made famous by Peter, Paul and Mary) “Where have all the flowers gone?” concludes, “Oh, when will they ever learn? Oh, when will they ever learn?”




Edited by Alisen Downey
Get stories like this delivered straight to your inbox. [Free eNews Subscription]
SHARE THIS ARTICLE
Related Articles

Why More Leads Won't Fix a Broken Lead Management Process

By: Contributing Writer    6/23/2026

When sales results start to stall, many organizations immediately look to the top of the funnel for answers. The assumption is simple: if revenue i…

Read More

Your Post-Quantum Readiness Starts at Y2Q Summit

By: TMCnet News    5/27/2026

Y2Q Summit is an executive conference focused on helping enterprises prepare for the coming era of quantum computing disruption, cybersecurity transfo…

Read More

Why Award Marketing Should Be Part of Every B2B Tech Company's Growth Strategy

By: Erik Linask    5/20/2026

Award marketing matters for B2B tech companies because industry recognition can strengthen trust, support sales and partner relationships, improve con…

Read More

Why Email Is Still the Most Underrated Layer of Modern Software Infrastructure

By: Contributing Writer    5/15/2026

Take, for example, the following scenario. A user requests a password reset, waits a few seconds, refreshes their inbox and nothing arrives. They try …

Read More

Jitterbit's Visionary Status Signals a Shift in the iPaaS Market

By: Contributing Writer    4/7/2026

As enterprise ecosystems grow more complex, integration has become less of a backend IT function and more of a strategic driver of business performanc…

Read More