Twitter's password recovery process exposes accounts to hacking, according to victim

Twitter's password recovery system allows accounts to be brute-forced simply by changing IPs
Internet & Websites News | Posted: Oct 1, 2012 10:01 pm

A hacking victim has written a long piece about Twitter's security processes and how he believes his account was compromised. Twitter's password recovery system is reportedly to blame, as it allowed the attacker to run a brute-force style attack against his handle. A brute-force attack tries common passwords as quickly as it can until it finds a match or exhausts a word list.

The issue appears to stem from the fact that Twitter limits login attempts per IP address rather than per account. That means an attacker who rotates through a proxy network, or switches IP addresses some other way, can keep guessing against a single account indefinitely, or at least until the password is found.

However, why the victim, Daniel Dennis Jones, chose a simple, common password that could be brute-forced is beyond me. His story makes sense, though, and illustrates why most password recovery systems limit login attempts on a per-account basis, or at minimum present a CAPTCHA after a few failed attempts to log into an account.
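
To make the difference between the two limiting strategies concrete, here is an added illustration (not code from the article, and not Twitter's implementation): a small login throttle that counts failures per source IP and per target account in a sliding window, replayed against a constructed sequence of wrong guesses. The account name, the TEST-NET-2 addresses, and the limits of 10 per IP and 5 per account are assumptions chosen for the demonstration.

```python
"""Login throttling keyed per source IP *and* per target account.

Added illustration, not the article's or Twitter's code. It replays a
constructed sequence of failed logins against one account and counts how
many the throttle lets through to password verification under different
policies. All names, limits and addresses are assumptions.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Deque, Dict, Optional, Tuple


@dataclass(frozen=True)
class ThrottlePolicy:
    """Failure budgets inside a sliding window; None disables that dimension."""
    per_ip_limit: Optional[int] = 10
    per_account_limit: Optional[int] = 5
    window_seconds: int = 900  # 15 minutes (assumed value)


class LoginThrottle:
    """Sliding-window failure counter keyed by ("ip", addr) and ("account", name)."""

    def __init__(self, policy: ThrottlePolicy) -> None:
        self.policy = policy
        self._failures: Dict[Tuple[str, str], Deque[float]] = defaultdict(deque)

    def _recent_failures(self, scope: str, key: str, now: float) -> int:
        window = self._failures[(scope, key)]
        cutoff = now - self.policy.window_seconds
        while window and window[0] <= cutoff:  # expire entries outside the window
            window.popleft()
        return len(window)

    def allow(self, account: str, ip: str, now: float) -> bool:
        """True if this attempt may proceed to password verification."""
        p = self.policy
        if p.per_ip_limit is not None and \
                self._recent_failures("ip", ip, now) >= p.per_ip_limit:
            return False
        if p.per_account_limit is not None and \
                self._recent_failures("account", account, now) >= p.per_account_limit:
            return False
        return True

    def record_failure(self, account: str, ip: str, now: float) -> None:
        """Charge a failed attempt to both the source IP and the target account."""
        self._failures[("ip", ip)].append(now)
        self._failures[("account", account)].append(now)


def count_evaluated_attempts(policy: ThrottlePolicy, attempts: int, rotate_ip: bool) -> int:
    """Replay `attempts` consecutive wrong guesses (one per second) against a
    single constructed account and return how many reached verification.

    With rotate_ip=True every attempt arrives from a different address in the
    TEST-NET-2 range, standing in for a proxy network that switches IPs.
    """
    throttle = LoginThrottle(policy)
    evaluated = 0
    for i in range(attempts):
        ip = f"198.51.100.{i % 200}" if rotate_ip else "198.51.100.1"
        if throttle.allow("victim-handle", ip, now=float(i)):
            evaluated += 1
            throttle.record_failure("victim-handle", ip, now=float(i))
    return evaluated


if __name__ == "__main__":
    ip_only = ThrottlePolicy(per_ip_limit=10, per_account_limit=None)
    both = ThrottlePolicy(per_ip_limit=10, per_account_limit=5)
    print("per-IP only, fixed IP:            ", count_evaluated_attempts(ip_only, 100, rotate_ip=False))
    print("per-IP only, rotating IP:         ", count_evaluated_attempts(ip_only, 100, rotate_ip=True))
    print("per-IP + per-account, rotating IP:", count_evaluated_attempts(both, 100, rotate_ip=True))
```

With a per-IP limit alone, a fixed source is cut off after 10 guesses but a rotating source gets all 100 evaluated, which is the weakness the article describes; adding the per-account budget caps the account at 5 regardless of where the attempts come from. The trade-off is that a hard per-account lockout lets anyone lock a legitimate user out by guessing wrong on purpose, which is why real systems usually follow the article's second suggestion and step up to a CAPTCHA or similar challenge after a few failures before blocking outright.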

The happy ending: Eventually Jones was able to recover his @blanket handle with the help of Twitter.
