Alert – Change Your Password? Blog Community Thread

The news of Spotify being hacked once again shows that your data is not always safe, even if you trust the company that holds it for you. After the news was officially published, surfers started a new thread discussing the security measures websites offer. The chat started with the most popular and unsafe websites, one of them being Twitter. As big companies like Google or Yahoo use Twitter, the debate turned into a real-time problem, as Twitter is still one of those companies with a popular open API.

While Twitter (hopefully) hashes its users' passwords, it is the Twitter ecosystem (the hundreds of services that are built around Twitter) that you should be worried about. Since Twitter doesn't have a safe authentication method for its API (like OAuth), these services need to know your username and password in plain text (i.e. unencrypted) to query the Twitter API.

If you are a passionate Twitter user, you probably use a lot of external Twitter apps. What you get is hundreds of places where your Twitter password is vulnerable to hacking attempts.
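Why a third-party app cannot get away with storing only a hash, shown as an added example that is not code from the original post or from Twitter. It assumes the password-based API uses HTTP Basic authentication (RFC 7617); the `Provider` class, its token methods and the sample credentials are hypothetical and constructed for illustration.

```python
import base64
import hashlib
import secrets

# Constructed sample credentials, for illustration only.
USER, PASSWORD = "alice", "correct-horse-battery"

def basic_header(user, secret):
    """HTTP Basic Authorization value (RFC 7617): base64 of 'user:secret'."""
    return "Basic " + base64.b64encode(f"{user}:{secret}".encode()).decode()

def decode_basic_header(header):
    """Base64 is an encoding, not encryption: the header yields the password."""
    raw = base64.b64decode(header.split(" ", 1)[1]).decode()
    user, _, secret = raw.partition(":")
    return user, secret

class Provider:
    """Hypothetical API provider that also supports delegated tokens."""
    def __init__(self):
        self._password_hash = {}   # user -> (salt, digest), never the plaintext
        self._tokens = {}          # token -> user

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self._password_hash[user] = (salt, digest)

    def check_password(self, user, password):
        salt, digest = self._password_hash[user]
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        return secrets.compare_digest(candidate, digest)

    def issue_token(self, user):
        token = secrets.token_urlsafe(32)   # random, unrelated to the password
        self._tokens[token] = user
        return token

    def revoke(self, token):
        self._tokens.pop(token, None)

    def token_user(self, token):
        return self._tokens.get(token)

def third_party_records(provider):
    """What each kind of third-party app has to keep in its own database."""
    password_app = {"user": USER, "password": PASSWORD}   # plaintext is required
    token_app = {"user": USER, "token": provider.issue_token(USER)}
    return password_app, token_app
```

The provider can store a salted hash because it only verifies the password, while the password-based app must replay it on every request. The token-based app holds a value that can be revoked without touching the password.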

As it is so easy to build a service around Twitter, and many of them have been built in less than 1 day or week, you can imagine that security is not the highest priority for these Twitter projects.

It is a fact that many people use the same username/password combination for many different online services, so by hacking one system, it is obvious and inevitable that the hacker will use the info to go on hacking your other accounts on other services such as Gmail, Flickr, Google Docs and Yahoo.

Common Story:

A hacker could probably hack Twitter services more easily than Twitter itself. What he/she would find is your Twitter username and password and in some cases even your email address. Obviously the hacker could abuse your Twitter account, change your password, sell your credentials, stalk your followers and more.
