Tuesday, January 06, 2009

Twitter Phishing strikes!!!

A big phishing attack hit Twitter users worldwide, forcing the micro-blogging service to advise its users to change their passwords. Phishers are now targeting the microblogging service Twitter to promote a widespread phishing campaign tricking celebrities and other users into submitting their personal information for identity theft and other illegal activities.

On 3rd Jan, it was noticed that many users got direct messages to follow a link but for me, it was a strange way to know Twitter phishing as I noticed the backgrounds of my site changed to Twitter profile background. On finding the source, it read:

http://s3.amazonaws.com/twitter_production/profile_background_images/3080822/tweetila.jpg
As I checked on this, it is a surprize as to how my Twitter image reached Amazon Developer site! I changed my Twitter bg and my site bg with twitter bg was gone!



On following Chris Pirillo's Tweet, I realised Twitter Phishing. Could this be a marketing gimmick of Amazon Simple storage service as found in my twitter image url? Or is Amazon (AWS) lack in security? How do they have the Twitter production RSS jpgs of twitter profiles?
All questions are confusing! Maybe the Blogger and Wordpress blogs have good security which is otherwise not in the case of Websites hosted by hosts! in the last 3 days, it is learnt, 33 high profile Twitter users had their accounts hacked. These accounts included President Elect Barack Obama, Rick Sanchez, Britney Spears and other high profile/celebrity Twitter users. And one is Mine! Maybe, these hi profile user list feature in list of http://s3.amazonaws.com/twitter_production/
Read more in Google News on Kidsfreesouls and even follow my twitter.
Twitter has advised all users to change passwords but here's a tip from me, Change your backgrounds too!!!

- ilaxi