So, how did they do it?
I'm not a le* Anonymous faggot.
I'm interested in how they did it. And more importantly, how to prevent it.
I'm sure it comes down to some dumbass Twitter employee in the end, though.
Either a bad password or a dumb fuck in charge of the account that gave out the password unconsioussly through social engineering. Or they've owned the account in the first place and just pretend to be cool.
man i wonder how they ever would have figured that'd be the password
OP, all this ever is is scriptkiddies who want to be hackers spamming passwords until they get it, then they change the picture for praise.
Why does the KKK have a twitter anyway
You won't get any answers here man, everyone here is too stupid and won't admit they don't. It's why they choose to insult you instead of answering cause they don't. And the ones the do know how, probably don't give enough a fuck to reply
the attacker sends a fabricated DMCA notice to the organization who operates the website stating that the user have uploaded copyrighted material, and that they are prosecuting that user in US court, and are requesting the IPs and name of the user associated with that account. 99% the stupid fucking company doesn't check the validity of the DMCA notice because they want to avoid having to go to court over it. This is how terrorists managed to obtain the personal information of a Youtube user who upload anti-islamic videos recently. With the help of IP spoofing (through a rogue LIR (registrars) they will register an IP with information matching the existing IP address (set the same geolocation data, network operator address, etc). They will appeal to twitter through this IP address, and use social engineering to reset the password.
Couldn't they skip the IP spoofing part?
I don't see what's so important about having the account owner's IP address info, unless the system verifies with email every time a new IP logs in.
employees working in appeals department, as well as automated recovery systems will look at the IP address the user registered with and compare it to the IP being appealed from, you can't rely on the numbers because lot of ISP have addresses in different subnets, so they use the geolocation data and ISP registered to that IP. which can be spoofed by any registrar. my LIR friend registered me IPv4 address that resolve to antarctica and north korea.
I would probably use Ixquick it it looked and felt more like Google.
All anyone would have to do is make some custom CSS for ixquick or startpage with a Google style to it and I would change in a heartbeat.
>twitter is secure
who gives a fuck
anonymous (twitter) have always been faggots, sure are making a statement with this one.
Could be anyone.
>ITT 14 year olds looking for l33t haxs
I'm fairly new to /g/ how often do you cunts have to deal with these questions. I'd say it's quite often due to the nature of the board thinking /g/ is leet hax0rz
>I'm fairly new to /g/ how often do you cunts have to deal with these questions. I'd say it's quite often due to the nature of the board thinking /g/ is leet hax0rz
A fair deal. We also get a lot of idiots from /v/.