Sophos: Twitter spam attack highlights need for different passwords
December 2010 by Sophos
IT security and control firm Sophos is reminding computer users of the importance of maintaining different, hard-to-guess passwords for all their online accounts, following reports that a recent security breach at Gawker Media – which involved the leaking of user passwords for sites such as Gizmodo and Lifehacker – has now been linked to a widespread spam campaign on Twitter. As many as 1.3 million account details are believed to have been stolen from Gawker’s servers, and have since been posted on sites like Pirate Bay.
Hundreds of thousands of Twitter accounts appear to have been compromised by hackers, who have spread spam promoting an Acai Berry diet. According to Del Harvey, Twitter’s director of trust and safety, the messages seem to have been posted from accounts where users were using the same password on both Twitter and Gawker.
“The key issue here is that too many users – as much as a third – are still using the same password for every website they access,” said Graham Cluley, senior technology consultant at Sophos. “Once one password has been compromised, it’s only a matter of time before the fraudsters will be able to gain access to your other accounts and steal information for financial gain. Password security is becoming more important than ever. Make sure that you’re taking the issue seriously, or suffer the consequences.”
In a poll of 676 computer users in March 2009, Sophos found that 33% used the same password all the time, 48% used a few different ones and only 19% never used the same passwords for different websites.