Life’s not so tweet over at Twitter these days. The microblogging company, which allows users to broadcast short messages to groups of followers, recently found itself the target of a wave of hacking and phishing attacks.
The San Francisco-based company said Monday that 33 member accounts were hijacked, including those of President-elect Barack Obama, singer Britney Spears and CNN correspondent Rick Sanchez.
On Monday, fake updates were made to several accounts, including obscene references to body parts and mentions of illicit drug use. Shortly after the fraudulent updates were posted, either account owners or Twitter intervened and deleted them.
The company said the accounts were compromised by a malicious hacker who infiltrated the set of tools used by Twitter’s support team to recover passwords and edit e-mail addresses associated with user accounts.
“We detected it right away, shut down the accounts, and took away the tool,” said Biz Stone, co-founder of Twitter, in a phone interview.
Mr. Stone said the accounts have since been restored but the tools were still being examined and would remain unavailable until the company resolved the situation. He said he was unsure why the popular social networking site was targeted but noted, “Twitter has gotten a lot of attention recently, which could be reason enough for an attack.”
In addition to the hacked accounts, over the weekend a series of e-mails and direct messages promising free iPhones or photographs was sent to some Twitter members. Links in the messages redirected recipients to a fake Web site masquerading as Twitter’s own log-in site and asked them to enter their user names and passwords. On Saturday, Twitter warned its users about the phishing scheme and advised them to change their passwords.
The phishing scheme is worrying for many Twitter users, since many people use the same passwords across various online accounts that contain personal and account information, like Amazon.com, PayPal and Web e-mail accounts.
Mr. Stone said that in January, the company is planning to introduce a private beta version of OAuth, an authentication tool that will allow members to use third-party applications that require private member information to operate.