United Airlines’ Twitter Account Hacked

Phishing schemes designed to steal passwords
March 2, 2010

An episode that was at worst a little embarrassing for United Airlines and a few other high-profile people around the world still shows how social networking sites can be vulnerable to hacking.

Late last week, United apologized for a Tweet that included an offer of “better sex” followed by a link to a Web site. “We’re sure you know that tweet wasn’t ours,” the company said in a follow-up post to its 56,754 followers. “Our Twitter account was hacked. Problem resolved. Sorry about that.”

The Twitter hack is believed to have originated with a “phishing” scheme in which perpetrators tricked users into sharing passwords and e-mail addresses, presumably through a bogus Web site. Twitter users around the world have reported receiving direct messages from their friends saying things like “This you???” or “LOL this is funny,” reports Chicago’s NBC affiliate.

How do those messages get there? Messages fly fast and furious around the Internet, and users of social networking sites like Twitter and Facebook sometimes open up links (often shortened by providers like bit.ly and tinyurl, hence masking their origin) without knowing who they’re from or what they’re all about.

Chicago Breaking Business News, a compendium site with content from a variety of news organizations, including the Chicago Tribune, reported that the hackers could also be exploiting vulnerabilities in the free apps to which Twitter allows access.

Dennis Howlett, an independent enterprise software analyst based in Spain, told the business news site that many people assume the personal information they share with app-makers (Facebook has thousands of them as well, creating games, quizzes and other add-on content) will be treated as confidential. However, Twitter doesn’t authenticate or endorse all the developers.

“I have no direct means of knowing whether that application should be trusted,” Howlett said.

One of the more prominent people dismayed by a recent Twitter takeover was Ed Miliband, Britain’s energy minister. A message went out making a direct reference to his sex life.

“Oh dear it seems like I've fallen victim to twitter's latest 'phishing' scam,” Miliband said in a message posted shortly afterward.

©2003-2010 Identity Theft 911, LLC. All rights reserved.
