TweakTown

Twitter's password recovery process exposes accounts to hacking, according to victim

Twitter's password recovery system allows accounts to be brute-forced simply by changing IPs

Internet & Websites News | Posted: Oct 1, 2012 10:01 pm

A victim of a hacker has written up a long piece regarding Twitter's security processes and how he believes he became a victim. Twitter's password recovery system is reportedly to blame, as it allowed a hacker to use a brute-force style attack on his handle. A brute-force attack tries common passwords as quickly as it can until it finds a match or exhausts a word list.

 


 

The issue seems to stem from the fact that Twitter doesn't limit login attempts per account; rather, it limits them per IP. This means a hacker just needs to use a proxy network or some other way of switching IPs to be able to brute-force an account indefinitely, or at least until the password is found.

 

However, why the victim, Daniel Dennis Jones, had chosen to use a simple, common password that could be brute-forced is beyond me. His story makes sense, though, and is why most password recovery systems limit login attempts on a per-account basis, or at minimum throw up a CAPTCHA after a few failed attempts at logging into an account.
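The difference between the two limits, as an added example (not code from Twitter, the victim's write-up or this article): a failed-login throttle keyed per IP, with an optional second counter keyed per account. The class names, the threshold of 5 failures per hour, the handle and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

class FailureWindow:
    """Sliding-window count of failed logins for an arbitrary key."""
    def __init__(self, max_failures, window_seconds):
        self.max_failures, self.window = max_failures, window_seconds
        self.events = defaultdict(deque)

    def _recent(self, key, now):
        q = self.events[key]
        while q and now - q[0] >= self.window:   # drop failures outside the window
            q.popleft()
        return q

    def exceeded(self, key, now):
        return len(self._recent(key, now)) >= self.max_failures

    def record(self, key, now):
        self._recent(key, now).append(now)

class LoginGate:
    """Password check behind a per-IP limit and an optional per-account limit."""
    def __init__(self, per_ip, per_account=None):
        self.per_ip, self.per_account = per_ip, per_account

    def attempt(self, account, ip, password_ok, now):
        account = account.lower()                # one counter per handle, any casing
        if self.per_ip.exceeded(ip, now):
            return "throttled"
        if self.per_account and self.per_account.exceeded(account, now):
            return "throttled"                   # or demand a CAPTCHA at this point
        if password_ok:
            return "ok"
        self.per_ip.record(ip, now)
        if self.per_account:
            self.per_account.record(account, now)
        return "denied"

def guesses_checked(gate, account, ips, attempts):
    """Constructed traffic: failed guesses at one account, cycling through `ips`.
    Returns how many guesses actually reached the password check."""
    results = (gate.attempt(account, ips[i % len(ips)], False, float(i))
               for i in range(attempts))
    return sum(r == "denied" for r in results)

# Constructed sample: 50 source addresses from the TEST-NET-2 documentation range.
POOL = [f"198.51.100.{n}" for n in range(1, 51)]
if __name__ == "__main__":
    ip_only = LoginGate(FailureWindow(5, 3600))
    both = LoginGate(FailureWindow(5, 3600), FailureWindow(5, 3600))
    print(guesses_checked(ip_only, "example_handle", POOL, 100))  # per-IP only
    print(guesses_checked(both, "example_handle", POOL, 100))     # plus per-account
```

With only the per-IP counter, every guess spread across the address pool reaches the password check; the per-account counter stops them after the fifth failure no matter which address they come from, and the same counter also throttles the real owner until the window expires, which is why a CAPTCHA step is a common alternative to a hard block.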

 

The happy ending: Eventually Jones was able to recover his @blanket handle with the help of Twitter.

NEWS SOURCE
News.cnet.com
