Twitter password 'hack' highlights need for responsibility

Phishing for responsibility
As one of the highest profile tech firms on the planet, it is no surprise that Twitter is once again the target of a malicious attack by hackers.
 
The recent security breach affecting 250,000 users is one of the biggest to ever affect Twitter and highlights growing concerns over the danger of so-called cyber attacks. Twitter has warned all the users who had their passwords stolen to reset them to avoid any further risk.
 
Sensible advice, but security experts warned that the hackers may already have valuable information, as many people's Twitter passwords are identical to those they use for other purposes, including banking.
 
Over the past few weeks there has been a lot of phishing, with a very convincing series of emails purporting to come from Twitter. The attempt to harvest logins used a mixed approach that encouraged users to respond to a friend's mail (which arrived complete with a photo), and it will have duped some folks into logging in and giving their details to the hackers.
 
There is also a risk that Twitter's "internal network" has been compromised by the hacking, which could potentially compromise other information.
 
The hack came after the social media giant warned earlier this week of attempts to gain access to its user data. It said that it shut down one attack moments after it was detected.
 
While Twitter has a clear responsibility to protect data, the events of the past week or so show just how hard security can be to achieve without a more connected approach and, to a degree, accountability.
 
The phishing attack was linked to a domain registered as iwitter. Throw in a URL short code and it's easy to see how someone could miss the deception, doubly so if they are viewing on a mobile platform. The layout was very accurate and mirrored the corporate theme they use extremely well too; the attack was pretty slick. So what could actually have been done to mitigate the attack? You might think not a lot; after all, it's not their fault that the users were in a rush, is it? Well, I am not so sure …
 
Twitter is a big company. It has been in the eye of the storm around privacy and personal data, and in any sensible risk assessment protecting user data has to be right at the top of the list of business issues for the board. Beefing up security is a factor, but this is more than just the tech; it is the surrounding culture too. Do you remember the phishing attack from tvvitter.com (two v's and no w)? Now we have iwitter. Simple steps like registering domains that are incorrectly spelt could have helped avoid the misdirection used in these attacks. I know it's simple and there are loads of possible variations, but Twitter has the resources and responsibility to do this pretty easily. Changing the password process to something a bit more secure would be an idea too, and apparently that's now being looked at.
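The defensive-registration idea above can be turned into a concrete list. The following is an added example, not part of the original article: it enumerates common look-alike spellings of a brand label and reports which technique produced a given domain. The confusable table, the function names and the sample domains other than tvvitter and iwitter are assumptions made for illustration.

```python
import string

# Multi-character or digit look-alikes (constructed list, not exhaustive).
CONFUSABLES = {"w": ["vv"], "m": ["rn"], "d": ["cl"], "l": ["1"], "o": ["0"]}


def variants(label):
    """Map each look-alike spelling of `label` to the technique that produced it."""
    out = {}

    def add(candidate, technique):
        # Keep the first technique found and never list the real label itself.
        if candidate != label and candidate not in out:
            out[candidate] = technique

    for i, ch in enumerate(label):
        for sub in CONFUSABLES.get(ch, []):
            add(label[:i] + sub + label[i + 1:], "confusable")
        add(label[:i] + label[i + 1:], "omission")
        add(label[:i] + ch + label[i:], "doubling")
        if i + 1 < len(label):
            add(label[:i] + label[i + 1] + ch + label[i + 2:], "transposition")
        for other in string.ascii_lowercase:
            add(label[:i] + other + label[i + 1:], "substitution")
    return out


def classify(domain, brand="twitter"):
    """Return the technique if the domain imitates `brand`, else None.

    Assumes a single-label TLD such as .com, so the label before the last
    dot is the registered name; a bare label with no dot is used as-is.
    """
    parts = domain.lower().rstrip(".").split(".")
    label = parts[-2] if len(parts) >= 2 else parts[0]
    return variants(brand).get(label)


if __name__ == "__main__":
    # Constructed sample input: the two domains named in the article plus controls.
    for seen in ["tvvitter.com", "iwitter.com", "twiter.com", "twitter.com", "example.org"]:
        print(f"{seen:15} -> {classify(seen)}")
    print(len(variants("twitter")), "candidate labels to consider registering")
```

The same `variants()` output serves two purposes: a shortlist of names to register or monitor, and a check that can be run against the domain in a link before trusting it.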
 
More resources focussed on users wouldn't be a bad idea either - have you tried to call Twitter or get a response through email … it's not very impressive.
 
To be clear, I am not saying that Twitter is bad, but rather that the priorities we see don't appear to match the rhetoric used when the executives are talking with the media.
 
They, though, are not the only cog in the wheel. What about the domain registrars and service providers: could they do better? Yes, of course. Could enforcement agencies be more proactive? Again, yes.
 
What about you and me? Are we doing our bit?
 
We want the web to be easy, point, click, result! We're all busy and want the upside of the web with as little of the 'bother' that comes with added protection as possible. But is that right? 
 
Our personal information starts off with us; after all, we use it and share it. We blog, tweet and Facebook stuff, often with little thought to what we are really sharing or the trouble that starts when security fails us.
 
I was livid when I discovered I had been duped by this attack and I'll confess my first reaction was to blame Twitter, but we know that is not true, don't we? I have some responsibility - I typed in the password and user name, not them. I was in a rush and didn't think, and I had to explain to my husband that I had been really dumb!
 
Will things improve? Possibly, but until we all take responsibility for our part of the problem it'll be an uphill battle for business and governments.
 
The enemy isn't just the criminals, it's us too!
 
Submitted by Tracey Ellis
Tracey is a freelance writer & married to our webmaster!