2 of my 3 Twitter accounts asked me to reset my password this morning when I signed in. It seems that a third party application may have compromised accounts, but stories abound about what really happened.
What I can tell you is that I know enough about where to share my passwords that I didn’t accidentally give my credentials to a fraudulent site. I can also tell you that no one hijacked my account. My password is reset on both ‘compromised’ accounts and I’ve updated the legitimate applications I use to access Twitter.
I’m not quite sure why Twitter would be the target of a phishing attack. While they might be able to post what they ate for breakfast or follow a few celebrities (or whoever), no one can use my Twitter login information to access money or sensitive information. Not sure what the point to the whole Twitter phishing attack was, but I’m not too worried either. A minor inconvenience at worst, interesting blog fodder at best.
Update: Thanks to Malcolm for posting the following in the comments on one of our posts about phishing:
With the knowledge that many people use the same passwords across multiple sites, there is value in phishing ANY online login system. Because email+password can be identical on every site, any and every site is vulnerable to phishing. Phishers need a single chink in the armour; if the phished person uses a Hotmail/Gmail etc. email address for Twitter, there’s a high chance the email can then be compromised with the same login details, and once you have the email you could wait for a ‘statement’ email from a bank or credit card …