Earlier I posted about the reports of the phishing attacks against Twitter. Apparently high profile accounts i.e Obama, Britney where hacked. The good side is that the Hackers have a sense of humor, the bad thing is that they have been fixed. 

It looks like the vector of attack here some tools that where used by support, to help users change their email. I guess that the hacker was able to change the email of the accounts, change the password and login. Makes me wonder if somebody in the support team had something to do with this?

I guess they should go back and but a BETA tag like most Web2.0 sites, at least that is a good excuse (Gmail is still BETA).

Image source ReadWriteWeb

According to the Twitter blog, phishing scams targeted at Twitter users, have appeared. If you wonder what scammers are trying to achieve with it? Well think about it, there is a lot of value in Twitter account. Maybe not on the average Joe Twitter user, however there are a lot of high profile Twitter users, which account info may be of value. Just by having the president of the USA there, is worth trying the scam. Imagine if they could get the account of any high profile user  or with thousands of followers ? Some interesting social engineering could be done against the followers of the accounts hijacked.

At the end of the day, scammers may be betting on users using the same password on all their sites. Actually it makes sense, think about it, it takes some effort to come up with a new password that you can remember. And since people might think, that their Twitter account is not worth the effort of a new password, then why not use the “standard Web 2.0” password. Just shows how valuable are login information to popular Web 2.0 sites, even if the sites itself is not making money, doesn’t mean scammers can make money out of them.