
Twitter Attack Vectors?
subego
Clinically Insane
Join Date: Jun 2001
Location: Chicago, Bang! Bang!
Feb 25, 2014, 05:37 PM
 
Had a friend whose Twitter account got hacked yesterday, and I'm trying to figure out how it happened.

I'm hip to virus tweets, but this person doesn't really use Twitter, so I don't see it having happened that way.

Any ideas?
     
starman
Clinically Insane
Join Date: Jun 2000
Location: Union County, NJ
Feb 25, 2014, 06:16 PM
 
His password was probably 12345

But seriously, it could have happened through getting his email account hacked. I don't have an answer. Just make sure you have two-factor auth on your Twitter acct.

Home - Twitter - Sig Wall-Retired - Flickr
     
subego  (op)
Clinically Insane
Join Date: Jun 2001
Location: Chicago, Bang! Bang!
Feb 25, 2014, 06:37 PM
 
I'd be surprised if her password was any good, but do people actually still try brute force login attacks?
     
starman
Clinically Insane
Join Date: Jun 2000
Location: Union County, NJ
Feb 25, 2014, 06:53 PM
 
Years ago Twitter allowed it, and then shut that down. I only read about things as people write about them, so I don't know anything past that. There are other ways - like using the same password on Twitter as another site that got hacked. That's why all my passwords are different.

     
subego  (op)
Clinically Insane
Join Date: Jun 2001
Location: Chicago, Bang! Bang!
Feb 25, 2014, 07:01 PM
 
This person has poor password hygiene, but I'm assuming Twitter is the only account compromised because they used it for a phishing attack. If they had multiple accounts on this person, I'd assume they'd want to leverage those accounts, or look for more, rather than burn the asset looking for more Twitter accounts to compromise.
     
starman
Clinically Insane
Join Date: Jun 2000
Location: Union County, NJ
Feb 26, 2014, 01:01 AM
 
Question: was their account actually attacked, or did they have a third-party app with access to their Twitter account doing this?

     
subego  (op)
Clinically Insane
Join Date: Jun 2001
Location: Chicago, Bang! Bang!
Feb 26, 2014, 01:43 AM
 
No idea. I'm assuming the former.
     
starman
Clinically Insane
Join Date: Jun 2000
Location: Union County, NJ
Feb 26, 2014, 01:57 AM
 
Ok, because a third party app can use your Twitter ID to send spam as well. Changing your password won't fix the issue.

     
subego  (op)
Clinically Insane
Join Date: Jun 2001
Location: Chicago, Bang! Bang!
Feb 26, 2014, 04:39 AM
 
I'll check into that. Thanks, BTW!
     
andi*pandi
Moderator
Join Date: Jun 2000
Location: inside 128, north of 90
Feb 26, 2014, 10:47 AM
 
My Twitter was hacked, and I had a decent password. Don't recall if I ever knew the cause, just changed passwords. I use a "base" plus "codeword" system. It was sending spam to my contacts via PM.
     
subego  (op)
Clinically Insane
Join Date: Jun 2001
Location: Chicago, Bang! Bang!
Feb 26, 2014, 05:49 PM
 
I use 1Password, but it's too quirky for me to feel comfortable handing it over to a muggle.

You're a wizard, Andi. You can totally handle it. I highly recommend you get either that or LastPass. LastPass is cheaper.
     
starman
Clinically Insane
Join Date: Jun 2000
Location: Union County, NJ
Feb 26, 2014, 05:54 PM
 
LastPass is cheaper but doesn't have the same encryption functions 1Password does. 1Password wins in my book.

EDIT: Mavericks has a password storage system as well, but I'm still running 10.8 so I don't know how well it works.

     
andi*pandi
Moderator
Join Date: Jun 2000
Location: inside 128, north of 90
Feb 26, 2014, 07:01 PM
 
Apparently I bought 1Password with a MacUpdate bundle in 2011. Huh. Ok then.

Do you all use the Dropbox sync for the data file, or does that defeat the purpose?
     
subego  (op)
Clinically Insane
Join Date: Jun 2001
Location: Chicago, Bang! Bang!
Feb 26, 2014, 08:00 PM
 
Use the DropBox sync. The keychain is encrypted.
     
turtle777
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Feb 26, 2014, 11:47 PM
 
Same here, 1PW with Dropbox.

-t
     
starman
Clinically Insane
Join Date: Jun 2000
Location: Union County, NJ
Feb 27, 2014, 01:32 AM
 
1PW w/Dropbox FTW.

     
subego  (op)
Clinically Insane
Join Date: Jun 2001
Location: Chicago, Bang! Bang!
Feb 27, 2014, 07:07 AM
 
I suggest you use the DropBox.
     
   
 
All contents of these forums © 1995-2017 MacNN. All rights reserved.