TweakTown

Twitter's password recovery process exposes accounts to hacking, according to victim

Twitter's password recovery system allows accounts to be brute-forced simply by changing IPs

Internet & Websites News | Posted: Oct 1, 2012 10:01 pm

A victim of a hacker has written up a long piece regarding Twitter's security processes and how he believes he became a victim. Twitter's password recovery system is reportedly to blame, as it allowed a hacker to use a brute-force style attack on his handle. A brute-force attack tries common passwords as quickly as it can until it finds a match or exhausts a word list.

 


 

The issue seems to stem from the fact that Twitter doesn't limit login attempts per account; instead, it limits them per IP address. This means a hacker just needs to use a proxy network or some other way of switching IPs, and they would be able to brute-force an account indefinitely, or at least until the password was found.

 

However, why the victim, Daniel Dennis Jones, had chosen to use a simple, common password that could be brute-forced is beyond me. His story makes sense, though, and is why most password recovery systems limit login attempts on a per-account basis, or at minimum throw up a CAPTCHA after a few failed attempts at logging into an account.
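The difference between the two throttling keys can be shown by replaying the same failed-login log through a limiter keyed on source IP, on account, or on both. This is an added example, not code from Twitter or from the article; the threshold, window, account name and addresses are constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW = 300    # seconds a failure stays counted (assumed value)
MAX_FAILS = 5   # failures tolerated per key inside the window (assumed value)

class FailureWindow:
    """Sliding-window count of failed logins for one kind of key."""
    def __init__(self, limit=MAX_FAILS, window=WINDOW):
        self.limit, self.window = limit, window
        self.events = defaultdict(deque)

    def blocked(self, key, now):
        q = self.events[key]
        while q and now - q[0] >= self.window:   # drop failures older than the window
            q.popleft()
        return len(q) >= self.limit

    def record_failure(self, key, now):
        self.events[key].append(now)

def guesses_allowed(attempts, key_fields):
    """Replay failed attempts and return how many reach the password check.

    key_fields names the attempt fields the limiter keys on:
    ("ip",), ("account",) or ("ip", "account").
    """
    limiters = {f: FailureWindow() for f in key_fields}
    allowed = 0
    for a in attempts:
        if any(lim.blocked(a[f], a["t"]) for f, lim in limiters.items()):
            continue                      # throttled: the guess is never checked
        allowed += 1
        for f, lim in limiters.items():
            lim.record_failure(a[f], a["t"])
    return allowed

# Constructed log: 40 failed guesses at one account, one per second, each from a
# different address in the 203.0.113.0/24 documentation range.
ROTATING = [{"t": i, "account": "example_user", "ip": f"203.0.113.{i + 1}"}
            for i in range(40)]
# Constructed log: the same 40 guesses, all from a single address.
SINGLE_IP = [dict(a, ip="198.51.100.7") for a in ROTATING]

if __name__ == "__main__":
    for name, log in (("rotating IPs", ROTATING), ("single IP", SINGLE_IP)):
        for keys in (("ip",), ("account",), ("ip", "account")):
            print(f"{name:13} keyed on {'+'.join(keys):10} -> "
                  f"{guesses_allowed(log, keys)} guesses checked")
```

A hard per-account block lets anyone lock the owner out by failing on purpose, which is why the per-account response is often a CAPTCHA or a growing delay rather than a lockout.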

 

The happy ending: Eventually Jones was able to recover his @blanket handle with the help of Twitter.

News sources: News.cnet.com
