Twitter Gets Hijacked, Now's The Time To Change Your Passwords

Last night, Twitter was hijacked by the "Iranian Cyber Army"; while there've been no confirmed password leaks or anything of the sort, now seems to us like a great time to change up your passwords. Here's why:

The Twitter blog reported that the problem was due to compromised DNS records, meaning that the hackers were able to redirect user requests to their own server — which served up the page in the screenshot above. Although the redirect doesn't appear to have done anything malicious beyond that — and a DNS hijack doesn't mean the hackers would have access to Twitter's database — the hackers could just as easily have set up a fake login page and harvested plenty of passwords phishing-style if they had wanted to. Which is why — even though this DNS hijack appears to have been relatively benign — we think now's a very good time to do a little password refreshing (particularly if you use your Twitter password elsewhere).

Luckily we've been down this territory before. with detailed how to choose good security questions and answers. After Sarah Palin's email account was hacked last year, we also went in depth with a few more tips for protecting your email from hackers.

All those new strong passwords can be a pain to remember, which is why we'd also recommend securely tracking your passwords with KeePass. You get the benefit of rock-solid passwords without the hassle of remembering every character of your long password (complete with mixed-case letters, numbers and characters).

Twitter Hacked, Defaced By "Iranian Cyber Army" [TechCrunch]


    Hmm... I didn't even notice Twitter got hijacked. Well I always stay signed in (since this is a secure private computer), so I presume the website validates that I'm logged in by checking my cookie...? Is it possible to hack my Twitter account with the cookie (i.e. does it contain my password?)?

    @Ronnie, I didn't see it hijacked either, but I guess that could be caused by not all DNS servers around the globe refreshing in time. From my experience DNS can take up to 72 hours to update globally, so different parts of the world may have still been directed fine. Scary though. *changes password*

    Well, seeing as I recently switched to Google's DNS servers, maybe they noticed it was malicious, and prevented the switch.
