Do you have a highly coveted Twitter handle? You should probably change your password. One user, Daniel Dennis Jones, — who formerly went by @blanket — has uncovered a very serious flaw that lets hackers crack your account and put it up for sale.
On Saturday, Twitter customer service notified Jones that his password had been changed. Alarming, because it clearly meant someone was trying to find a way into his account. He tried to log in but couldn’t. He was still logged in on his phone and saw that all his tweets had been deleted and his follower count had dropped to a big fat goose egg.
Once he was able to log back into his account, his username had been changed to something rude, and his original handle, @blanket, now belonged to someone else. Jones did a little online digging and found his handle listed alongside a bunch of other sought-after names on a site called ForumKorner, where his and other Twitter handles, some of them illegally obtained, are being sold.
BuzzFeed FWD explains how hackers were able to break into his account so easily:
Most sites, including Twitter, flag or disable user accounts, or throw up a CAPTCHA, after a certain number of failed login attempts. But whereas many services, including Gmail, limit login attempts on a per-account basis, Twitter apparently only prevents large numbers of login attempts from the same IP address. In other words, hackers — or crackers, as they would call themselves — can try to log in as many times as they want, so long as the login attempts appear to be coming from different computers.
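To make the difference concrete, here is an added example (not code from Twitter or from the article) of a minimal login-attempt limiter that counts failures per source IP and per target account; the thresholds, the in-memory store and the constructed source addresses are assumptions for the demonstration. Guesses spread across many addresses sail past an IP-only limit but trip the per-account one.

```python
from collections import defaultdict
import time


class LoginThrottle:
    """Track failed logins per source IP and per account within a sliding window.
    Thresholds are illustrative assumptions, not any real service's values."""

    def __init__(self, ip_limit=20, account_limit=5, window=900):
        self.ip_limit = ip_limit                # max failures per IP per window
        self.account_limit = account_limit      # None = IP-only limiting (the flaw)
        self.window = window                    # seconds
        self.ip_failures = defaultdict(list)    # ip -> [timestamps]
        self.account_failures = defaultdict(list)

    def _recent(self, entries, now):
        """Drop timestamps outside the window and return how many remain."""
        cutoff = now - self.window
        entries[:] = [t for t in entries if t > cutoff]
        return len(entries)

    def is_blocked(self, ip, account, now=None):
        now = time.time() if now is None else now
        if self._recent(self.ip_failures[ip], now) >= self.ip_limit:
            return True
        return (self.account_limit is not None and
                self._recent(self.account_failures[account], now) >= self.account_limit)

    def record_failure(self, ip, account, now=None):
        now = time.time() if now is None else now
        self.ip_failures[ip].append(now)
        self.account_failures[account].append(now)


def simulate_distributed_guessing(throttle, account, attempts, now=0.0):
    """Each attempt arrives from a fresh (constructed) IP; return how many the
    throttle let through. With IP-only limiting every attempt is allowed."""
    allowed = 0
    for i in range(attempts):
        ip = f"203.0.113.{i}"   # constructed TEST-NET source address
        if throttle.is_blocked(ip, account, now):
            continue
        allowed += 1
        throttle.record_failure(ip, account, now)
    return allowed


if __name__ == "__main__":
    print("IP-only limit allowed:", simulate_distributed_guessing(
        LoginThrottle(account_limit=None), "blanket", 100))      # 100
    print("Per-account limit allowed:", simulate_distributed_guessing(
        LoginThrottle(account_limit=5), "blanket", 100))         # 5
```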