- Southwest Airlines passengers receive free Nintendo Switch consoles and Mario Maker 2 Wednesday 9:10 PM
- The Deplorable Choir drops diss track aimed at 4 congresswomen from Trump’s racist tweets Wednesday 8:09 PM
- Florida city is pushing homeless people out by playing ‘Baby Shark’ on a loop Wednesday 7:27 PM
- A ‘Gossip Girl’ reboot is coming to HBO Max–and fans are not happy with the casting details Wednesday 6:44 PM
- Beto can’t leverage his slave owner ancestry to gain Black voters’ trust Wednesday 5:51 PM
- Oakland to become the third U.S. city to ban facial recognition Wednesday 5:50 PM
- ‘Release the Snyder Cut’ billboards pop up outside of San Diego Comic-Con Wednesday 5:24 PM
- Iggy Azalea and Peppa Pig have an epic Twitter fight Wednesday 4:39 PM
- Should you be concerned about your privacy on FaceApp? Wednesday 4:15 PM
- Google ‘terminates’ Dragonfly, its censored search engine for China Wednesday 3:33 PM
- AOC rips Facebook during Libra House hearing Wednesday 3:14 PM
- The time traveler conversation meme finds its way to TikTok Wednesday 2:52 PM
- Grimes claims she had an ‘experimental’ eye surgery and practices sword fighting Wednesday 2:42 PM
- 70 Border Patrol employees under investigation for posts in secret Facebook group Wednesday 1:45 PM
- Republican’s Operation Safe Return criticized as cover for mass deporation Wednesday 1:42 PM
@Blanket theft: One surprising security loophole that puts Twitter accounts at risk
And all to impress the ladies.
Many people who were on Twitter early managed to get awesome, short handles. As Daniel Dennis Jones found out, that also makes those people high-value targets for hackers.
Jones signed up to Twitter several years ago under the username @blanket: a short, memorable name that would make him easy to find. Trouble is, it made it easy for hackers to find him as well.
On Saturday, Jones, digital media producer at the Berkman Center for Internet & Society at Harvard University, found his account had been accessed and his username stolen.
Some digging revealed that the hijacker (calling himself “n0rth”) was selling his username and that several other accounts, such as @tournament and @deluded, had also been swiped recently.
In his investigation, Jones, who has rejoined Twitter as @originalblanket, discovered that the teens who are cracking these accounts (through vulnerable passwords and holes in Twitter’s security) have two goals: They want to make a little cash, and they’re trying to impress girls who may wish to take desirable usernames for themselves.
A Storify of Jones’s Skype chat with one of the hijackers is a compelling read, suggesting that Moon, a 14-year-old who has only been cracking accounts for two weeks, is doing so more to probe holes in Twitter’s security system than to make a killing by selling usernames. Moon claimed that he intends to target only inactive accounts and would not want to hurt anyone.
The teen also provided some details on why Twitter accounts are much easier to hijack than those on YouTube: The latter’s CAPTCHA system filters by account name rather than IP address, which is reroutable via proxies.
Jillian C. York, of digital rights advocacy rights group Electronic Frontier Foundation, tweeted a link to Jones’s initial Storify, adding that “This is reason why @Twitter’s ‘verified’ status is coveted. Betcha @originalblanket would have his account back by now if he were verified.”
Still, it’s a troubling tale of how easy one can lose a Twitter account into which they’ve poured years of effort.
Correction: The Twitter handle, @murder, was not obtained by the hacker identified as “n0rth.” We regret the error.
Photo by PrincessAshley/Flickr
Based in Montreal, Kris Holt has been writing about technology and web culture since 2010. He writes for Engadget and Tech News World, and his byline has also appeared in Paste, Salon, International Business Times, Mashable, and elsewhere.