Comments on: OT: This Is Why So Many Twitter Accounts Get Hacked http://isource.com/2010/04/22/ot-this-is-why-so-many-twitter-accounts-get-hacked/ #1 Source for iPad, iPhone, iPod, Mac and AppleTV Sun, 25 Apr 2010 08:50:22 +0000 hourly 1 https://wordpress.org/?v=5.4.6 By: Andrew Woodvine http://isource.com/2010/04/22/ot-this-is-why-so-many-twitter-accounts-get-hacked/#comment-22674 Sun, 25 Apr 2010 08:50:22 +0000 http://isource.com/general/ot-this-is-why-so-many-twitter-accounts-get-hacked/%20#comment-22674 Why would clicking the link in the email get your account hacked? The URL contains a token that a hacker wouldn't know. I might be missing something but this doesn't seem like a big deal?

]]> By: patrickj http://isource.com/2010/04/22/ot-this-is-why-so-many-twitter-accounts-get-hacked/#comment-22650 Sat, 24 Apr 2010 02:20:19 +0000 http://isource.com/general/ot-this-is-why-so-many-twitter-accounts-get-hacked/%20#comment-22650 In reply to Tammi Kibler.

I never said I thought the email was a phishing attack, or that I thought it did not come from Twitter – said the opposite in fact. One of the main reasons that services should always offer a 'No – I didn't request that change' type link is so that they can make an effort to track down / ban the initiators of rogue requests.

]]> By: Tammi Kibler http://isource.com/2010/04/22/ot-this-is-why-so-many-twitter-accounts-get-hacked/#comment-22611 Fri, 23 Apr 2010 15:17:48 +0000 http://isource.com/general/ot-this-is-why-so-many-twitter-accounts-get-hacked/%20#comment-22611 I am not familiar with the e-mail you received, but in reviewing how these e-mails look when I have initiated the password reset, I see most do not offer me an option to report mischief.

This from WordPress: "To reset your password visit the following address, otherwise just ignore this email and nothing will happen."

I could include others. It isn't necessary a phish you received. Likely someone tried to login to your Twitter account and then clicked on Forgot password, and Twitter initiated an e-mail verification. Everything worked the way it should for your protection.

I may misunderstand the e-mail you received, but what you describe sounds like a typical verification. Of course, if you didn't initiate the change, you shouldn't follow a link to change your password.

]]> By: patrickj http://isource.com/2010/04/22/ot-this-is-why-so-many-twitter-accounts-get-hacked/#comment-22610 Fri, 23 Apr 2010 14:55:16 +0000 http://isource.com/general/ot-this-is-why-so-many-twitter-accounts-get-hacked/%20#comment-22610 In reply to prasanna.

I do use Gmail. In this case I just wanted to have a good long comparative look at the rogue email vs. a legit one from Twitter.

]]> By: prasanna http://isource.com/2010/04/22/ot-this-is-why-so-many-twitter-accounts-get-hacked/#comment-22604 Fri, 23 Apr 2010 11:15:37 +0000 http://isource.com/general/ot-this-is-why-so-many-twitter-accounts-get-hacked/%20#comment-22604 either u dont use gmail, or u dont use their verification systems which verify if email came from a legit sender (works well for big sites). that would have told u whr this mail was from. it works like the lock icon prasaon ur HTTPS sites.

]]> By: Y.T. http://isource.com/2010/04/22/ot-this-is-why-so-many-twitter-accounts-get-hacked/#comment-22603 Fri, 23 Apr 2010 10:00:44 +0000 http://isource.com/general/ot-this-is-why-so-many-twitter-accounts-get-hacked/%20#comment-22603 I've also noticed that Twitter does not have a "session timeout" feature. I think this makes Twitter more vulnerable to hacking.

]]> By: Andrew http://isource.com/2010/04/22/ot-this-is-why-so-many-twitter-accounts-get-hacked/#comment-22601 Fri, 23 Apr 2010 08:46:58 +0000 http://isource.com/general/ot-this-is-why-so-many-twitter-accounts-get-hacked/%20#comment-22601 No doubt. Much needed post.

]]>