

Numerous celebrity/company twitter accounts hacked - vaksel
http://www.techcrunch.com/2009/01/05/either-fox-news-had-their-twitter-account-hacked-or-bill-oreilly-is-gay-or-both/

======
paulgb
Look at the twitter feed: <http://twitter.com/foxnews>

Looks like the feed is updated automatically from RSS feeds or some other
source. The latest tweet doesn't fit the template, so I'm guessing the
"hacked" theory is correct.

------
grouchyOldGuy
One does not necessarily invalidate the other.

------
vaksel
looks like its a widespread problem...I guess there is some vulnerability
being exploited

------
axod
Once you start to get big, hacking and spam surely follow... It'll be
interesting to see what the story is here. Is every twitter account hackable?
Are they going to start implementing some sort of spam filter? or a method to
report spam?

~~~
pmjordan
You can report spam to the @spam user. That's only effective against users who
are spamming, however. It doesn't really help in the situation where an
account has been compromised. I strongly doubt "every twitter account is
hackable"; someone probably just got hold of the passwords of the accounts in
question.

EDIT: looks like more accounts are being compromised. Maybe someone _has_
found a hole in twitter's servers. Or, a disgruntled employee decided to have
some "fun".

------
create_account
So does that mean I'm _not_ invited to Natalie Gulbis's birthday party
(<http://twitter.com/natalie_gulbis/status/1072283758>)?

Bummer.

------
TomOfTTB
In fairness, both could be true :)

------
jonursenbach
@barackobama was hacked as well.

------
wallflower
Probably a simple MITM attack. I think it's time twitter.com invested in a SSL
certificate.

~~~
pmjordan
<https://twitter.com/> does exist and work. Is there a problem with their
certificate?

EDIT: honest question, I'm not trying to be snarky.

~~~
wallflower
I guess I meant to say that Twitter should default to using secure cookies.
Once you login via twitter, it defaults to unsecured HTTP.

~~~
pmjordan
This is of course a fair point. I haven't seen the SSL version of the site
encouraged or even documented anywhere. I suspect it would take down their
current server infrastructure if all users suddenly switched to SSL access.

