Twitter Direct Message Spam Attack

It seems that my Twitter account was somehow breached and used to send spam to my followers via direct message, and it appears that I am not alone. It’s kind of embarrassing for someone who has as much information security training and knowledge as I do to get their Twitter account hacked, but it happens even to the best of us.

As of right now, there’s no news as to how my account may have been breached. I am currently working to figure out how it happened.  Right now, I believe that it may have been done using SMS spoofing.  Unknown to me, I apparently had my phone registered for tweeting via SMS.  My Twitter password was not changed, and I don’t have any suspicious applications authorized to post to Twitter on my behalf – just this website, twidroyd and the KDE Microblog plasmoid on my laptop.  I suppose it’s possible that twidroyd or the KDE Microblog plasmoid is somehow to blame, but I haven’t found any evidence that they are.

I have to admit that even though I know better, I very often use the same password on multiple sites.  I do, however, make sure that I use unique passwords for things that are important – server passwords, email, online banking, etc.  Twitter, unfortunately, was one of those sites that I used the same password for, so I’ve gone ahead and changed that password, as well as the passwords to anything else important.  I’ve actually been meaning to take better care of my online account passwords, and now that I’ve had a security incident, I think I’m going to get on that right away.

In fact, I will be reviewing several password management programs that are available for Ubuntu (and Linux in general) and will try to take some time to review all of them.  Of course, I’ll post the results here for everybody (nobody) to read.


3 Responses to Twitter Direct Message Spam Attack

  1. Hi Nick,

    I’ve just realized that I have the same issue as you. I googled and found this article. I changed my password, but did that solve the issue for you? I hope so.

    If not, have you been able to solve the problem and find the source of the spam?

    Thanks!

  2. Nick Moeck says:

    Hi Agusti, I changed all of my passwords, (Twitter, Facebook, my bank account, email, etc), just to be safe, and have not had a problem since. I haven’t found out how my account was compromised or who was responsible for it though.

    Thanks for stopping by and commenting!

  3. Pingback: Twitter Spam … from me :( « Visible Procrastinations
