{"id":128,"date":"2009-04-17T11:11:01","date_gmt":"2009-04-17T16:11:01","guid":{"rendered":"http:\/\/www.hewins.org\/dhh\/?p=128"},"modified":"2009-04-17T11:14:20","modified_gmt":"2009-04-17T16:14:20","slug":"the-saga-of-a-twitter-security-problem","status":"publish","type":"post","link":"http:\/\/www.hewins.org\/dhh\/2009\/04\/17\/the-saga-of-a-twitter-security-problem\/","title":{"rendered":"The saga of a Twitter security problem"},"content":{"rendered":"
\"this
this is a screenshot from an account I created with the email address support@twitter.com<\/figcaption><\/figure>\n

I have a few email addresses. I hacve some that I use for my everyday life, one for work, and others for things like signing up on email lists and entering contests.<\/p>\n

One of the email addresses I use to subscribe to Jim Bramlett’s “inJesus” evangelical email<\/a> list got a strange email the other day from Twitter. The subject was, “Welcoming you to Twitter!” and it began, “Hello, new Twitter-er!” This, I thought was very strange because I didn’t sign up for a Twitter account with that email address, and I looked into it. It turns out that someone had created my account and called it “PastorFurtick” with the name Steven Furtick. I immediately changed the password on the account so that nobody could access it anymore (I wish I hadn’t, more on that later). Then, naturally, I googled Steven Furtick and came up with this site<\/a>. I looked for a way to contact his church<\/a> and found a phone number, called it, and didn’t reach anyone. I didn’t leave a message either. I was going to ask about the twitter account while knowing that it wa not necessarily Steven who had created it.<\/p>\n

As I was discussing this with my coworkers today, I decided to try it myself. I realized that I could complete the sign-up process and start tweeting without even verifying the email address that I used to create the account. I made an account called “securityproblem” with the email address support@twitter.com. (In the meantime, my coworker created one with my work email address.) It seemed that someone else had dome something like that becuase when I saw the home page, my new account was already following and followed by “llk4235<\/span><\/a> \/ Lupe King<\/strong>“.<\/p>\n

So I tweeted. I tweeted more and tweeted @biz, the founder (nothing in reply yet). A screenshot of the first few tweets is what is above. Check out the twitter account page here<\/a>. I have tested logging out and back in to this account, and that works, no problem.<\/p>\n

Looking around for other people talking about it, google turned up the Twitter support page on “My account is compromised…<\/a>” but it doesn’t really address the issue at hand. This is more about something strange happening to an existing account. I need to know about creating new accounts. I didn’t really find anything useful after googling “sign up for twitter with someone else’s email address”. Mostly, people were concerned with Twitter “impoersonators” but this was not related to the email address issue.<\/p>\n

If you know anything about this issue, please comment here or tweet @hewins<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

I have a few email addresses. I hacve some that I use for my everyday life, one for work, and others for things like signing up on email lists and entering contests. One of the email addresses I use to subscribe to Jim Bramlett’s “inJesus” evangelical email list got a strange email the other day … Continue reading The saga of a Twitter security problem<\/span> →<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[21,3],"tags":[34],"class_list":["post-128","post","type-post","status-publish","format-standard","hentry","category-digg","category-random","tag-twitter"],"_links":{"self":[{"href":"http:\/\/www.hewins.org\/dhh\/wp-json\/wp\/v2\/posts\/128","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.hewins.org\/dhh\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.hewins.org\/dhh\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.hewins.org\/dhh\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/www.hewins.org\/dhh\/wp-json\/wp\/v2\/comments?post=128"}],"version-history":[{"count":4,"href":"http:\/\/www.hewins.org\/dhh\/wp-json\/wp\/v2\/posts\/128\/revisions"}],"predecessor-version":[{"id":134,"href":"http:\/\/www.hewins.org\/dhh\/wp-json\/wp\/v2\/posts\/128\/revisions\/134"}],"wp:attachment":[{"href":"http:\/\/www.hewins.org\/dhh\/wp-json\/wp\/v2\/media?parent=128"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.hewins.org\/dhh\/wp-json\/wp\/v2\/categories?post=128"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.hewins.org\/dhh\/wp-json\/wp\/v2\/tags?post=128"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}