‘Twishing’ Attacks Hijack 33 Celeb Twitter Accounts

Despite more than two dozen celebrity Twitter accounts being hijacked, the microblogging service says the takeovers were not connected to a rash of weekend phishing ploys.

“These accounts were compromised by an individual who hacked into some of the tools our support team uses to help people do things like edit the email address associated with their Twitter account when they can’t remember or get stuck,” Twitter explained on its blog.

Twitter said that before it took the support tools offline, 33 people fell victim to the attacks. The accounts of CNN’s Rick Sanchez, Fox News’ Bill O’Reilly and singer Britney Spears were among the more notable victims.

A Twitter account once used by President-elect Barack Obama was also attacked, although Obama hasn’t been Twittering since the November election, Twitter said.

Over the weekend, a number of phishers attempted to extract Twitter usernames and passwords. The ploy sent direct messages to Twitter accounts, asking them to visit what actually was a fake Twitter home page.

While the value of collecting Twitter passwords doesn’t seem immediately obvious, security experts said many people use the same password to log in to Twitter as they do to check online finances.

Twitter said it will begin testing OAuth later this month. OAuth is an open authentication protocol that third-party companies can build into applications, and it will allow people to use Twitter features without disclosing private details.

This isn’t the first security-related issue to confront Twitter users.

Last month, a Website, DMFail, reprinted private messages sent by Twitter users who incorrectly tried to transmit “direct” messages. Instead of typing “d,” some Twitter users would type “dm.”

“On average, a couple of messages per hour over all of Twitter end up hitting DMFail,” blogger Michael Arrington wrote.

This story came from the Blog Journal, our new publication.
