Suspicious Activity Detected On Twitter, Security Breach For Anshe Chung?

Two unrelated reports of possible security breaches, one at Twitter which is confirmed in a blog post and one for Anshe Chung which is uconfirmed but seems to be true, as reported by Shiloh Lyric over at SLUniverse.

I saw in my Twitter feed last night that people were reporting they’d received an email from Twitter informing them that their passwords had been reset, then others pointing to that Twitter blog post to confirm that this might not be a phishing attack. However even the existence of a blog post doesn’t mean it’s not a phishing email, so if you receive one, tread with caution. The Twitter blog post actually has some good tips on password securit, such as trying to make your password at least ten characters, use a mixture of upper and lower cases letters, numbers and symbols and don’t use the same password on multiple sites.

Twitter are also  advising people to follow the advice of the US Department of Homeland security and disable Java on their computer.. and then rewinding a little to tell people to disable in their browser.

The email on the Anshe Chung issue is interesting in some ways, because it was sent by Linden Lab and relates to Second Life passwords. However it should be noted that this is not due to a security breach at Linden Lab.

Shiloh follows the trend I spotted on Twitter, ask questions first before believing the email. That thread also contains good tips, such as not following email links but going directly to the Second Life website and changing the password there. Some people are finding this difficult because they get asked questions that are difficult to answer, and now find themselves locked out of their accounts.

The fact is that some Twitter users and some Second Life users have had their passwords reset by the powers that be. Security is one of those issues where companies rightly err on the side of caution. Users should err on the side of caution too and not rush straight into the links in the email, take time to check out the information, but don’t dismiss such emails just because you think it mght be phishing, in some cases the information is genuine.



Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Follow

Get the latest posts delivered to your mailbox: