The latest five-minute maelstrom on the blogosphere was the widespread hacking of Twitter accounts. According to experts, some 700 or so Twitter accounts were hacked such that they appeared to be the property of a 23-year-old female “adult entertainer” *ahem*. To their credit, Twitter fronted up and posted details of the breach. Twitter even sent out this caveat, advising of good password practice:
“As a general reminder, keep in mind that strong passwords can help prevent hijacked accounts. Twitter offers a password strength indicator to help you choose a strong password when you sign up. If you want to change your password now you can do that… Also, avoid sharing your password with folks or services you don’t feel you can trust.”
Now, I’m fortunate that I wasn’t one of the victims of this breach, and at this stage details have not emerged about the cause of the meltdown. It may well be that there is an inherent hole in Twitter’s own architecture, or it may be an opportunistic attack on some individuals with less than optimal security procedures. Either way, and amidst the hyperbole that seems to be going around, it needs to be remembered that Twitter never sold itself as an enterprise-level solution and that the sheer number of third-party applications utilising the Twitter API makes security a major issue.
But this isn’t a criticism of Twitter itself. Put it this way: if a new service required users to hand over their internet banking login details, would they do it? Why is it any different with the plethora of Twitter-powered applications – tweetnow, tweetlater, tweetsometimeinthefuture, twitterfollow, twitterlead, twitterdosomegoddamwork? They’re generally lightweight applications made in someone’s backroom, and anyone who expects enterprise-level surety and security when utilising them is a fool.
My advice? Use a specific and robust password and ensure you investigate the legitimacy of those multitudinous applications you authorise to access your Twitter account.
That – or don’t moan when you’re compromised.