Hijacking Twitter: How Recent Hacking and Phishing Incidents Reveal Security and Customer Relations Gaps in Social Networking Media - Page 2

While Twitter declines to release the exact number of current accounts, Tech Crunch speculated last year that over one million visit the site; over three million messages a day are generated.  Regardless of exact figures, one can safely assume that the potential number of phishing and hacking victims is alarming.  What's worse, users can do little to protect themselves from such an invasion.  Social networking sites such as Twitter and Facebook need to greatly improve security for their valued customers.  For example, according to the Wired article, the hacker expressed great surprise at Twitter's lack of password protection.  Using his password generation program, he was able to enter random characters an unlimited number of times before he finally stumbled upon the correct phrase.  Credit card and personal banking sites limit the number of "tries" for a user to type the correct password.  If a customer cannot log in after five tries, for instance, that user will have to call the bank or financial institution directly in order to obtain a new password.  Having such limits would have prevented the hacker's password generator software from breaking into accounts.  While it may be an impossible task to keep current with every single hacking program available, these sites owe it to their users to make valiant efforts.  In Twitter's case, a staff support person's account was compromised, a sure sign that even experts struggle to keep up with rapidly developing security and hacking technology.

Are Twitter and Facebook Completely Open with Their Customers?

In the days following the security breach, Twitter responded to users by briefly posting a link to their blog describing the situation.  Other than telling account holders to change their passwords and not to click on URLs purporting to be a Twitter login site.  On the Twitter Status page, an entry stated that all compromised accounts were "stabilized" and promised more information on the situation.  As of January 9, no specific followup has been posted.  Has Facebook decided to address the program?  Entries on their Help Center: Security page warn against recent worms and phishing scams, but again provides little information as to how they will improve security.  Facebook designers claim to use "industry standard and proprietary network monitoring tools" and incorporates "industry standard encryption."  The page explains that users may not be able to determine the site's encryption from its URL, but in essence says to just trust them.  Users need better assurance that technicians are improving security, and deserve more specific explanations as to solutions.  Obviously the social networking sites cannot release too many details about their exact encryption methods, as they might as well just post a banner across their pages saying "please hack us."  However, customers are entitled to know how Twitter and Facebook protect their personal information, and deserve better explanations than "don't worry about it, just trust us."  

Article Author: Kit O'Toole

Kit O'Toole is a lifelong music enthusiast who maintains a music blog, Listen to the Band. In addition, she is the internet columnist and a contributing editor for Beatlefan magazine. She also holds an Ed.D. in Instructional Technology.

Visit Kit O'Toole's author page — Kit O'Toole's Blog