Phishing Attack Responsible for Market-Impacting @AP Hack

There was a lot of coverage earlier this week about the bogus tweet from @AP claiming that the White House had been bombed and President Obama injured. What I had not realized was that the account appears to have been hacked because of a phishing attack. ars technica reports:

The bogus tweet was sent from one of at least of two compromised Twitter accounts belonging to the Associated Press. Mike Baker, a reporter with the 167-year-old news organization, said the AP's mobile Twitter account was compromised as well. "The @AP hack came less than an hour after some of us received an impressively disguised phishing email," he wrote in a separate Twitter dispatch. In recent days security personnel with the news cooperative discovered malware had infected some of its computers, officials told the New York Times.

Obviously, even sophisticated users need to be more careful about reacting to phishing emails. In general, never click on anything you are sent in an email. Instead, log into the site in question by typing in the address yourself.

Twitter committed to accelerating its program to roll out two-factor authentication, especially for use by people who tweet from mobile devices such as cell phones.