The recent rash of phishing attacks on Twitter should give microbloggers good incentive for strengthening their passwords and double-checking their account settings, says a security blogger.
In the most recent exploit, phishers gained access to users' Twitter accounts - including that of U.K. Cabinet Minister Ed Miliband - and sent out tweets saying inappropriate, personal things, then pointing followers to a Web site that sells herbal Viagra. In Miliband's case the spoofed tweet was removed from his stream of posts, and the cabinet member sent out an explanation shortly thereafter.
But exploits like this often don't end there, warned Graham Cluley, blogger and senior technology consultant for security vendor Sophos. Cluley recommends that anyone who has had their social-networking account phished - meaning their logon name and password are now in the wrong hands - should think hard about what other sites they use that same password for.
"You see, 33% of people admit to playing Russian Roulette with their identity by using the same password on every website they access," says Cluley in his Friday blog post. "If Miliband makes that kind of mistake, then he has potentially opened up his email account, his eBay account, his PayPal and Amazon account... basically, his entire online life could be handed over to hackers."
Cluley recommends using a strong password that is different for every Web site: one that is at least eight characters long, mixes upper- and lower-case letters with some non-letter characters, and doesn't follow an easily guessed pattern such as "12345678".
Another precaution all Twitter users should take is to check their settings/connections for any third-party applications they don't recognize, and revoke those applications' access to their accounts.