Twitter Security – Notes from a Victim

Thank you, dear hacker! I just arrived at my San Diego hotel room for a few days off last week, checking e-mails before going to bed, and found several e-mails and Twitter direct messages back from friends asking me what’s wrong with me. It took me a while to realize what has happened: my Twitter account had been hacked. The hacker has sent hundreds of direct messages to all my followers, trying to convince them to click on some bullshit URL. The damage was immense. While posting a message on Twitter about what has happended, changing the Twitter password, trying to de-link applications that I granted access to Twitter, I was kept busy replying to angry followers announcing to de-follow me. But the damage was already done.

There seems to be a serious security issue at Twitter. I am a bit surprised that the company has not invested more seriously in its security – $55M investment should have paid for some good security experts? I am for sure not the security maniac myself – but this has never happened to me in my Internet life since the 90s.

Don’t get me wrong, I think Twitter is an excellent messaging tool. But companies come and go, and I believe that security should be a major concern for a communications company. This goes for all the social media out there. Security lacks can cause huge damage and if the company can’t close them, users will go elsewhere.

BTW – while writing this post, Crunchbase gives me a ’500 – Internal Server Error’. More problems ahead?

See also:
Twitter’s Security Dilemma: The social network’s inaction around security issues shows that it needs a security chief.
Twitter’s Security Meltdown: This is serious. Twitter has a big security problem.