* Major #Twitter Security Bug

A Twitter security flaw appears to allow one user to lock another user’s account simply by repeatedly trying to login to that account. It looks like that’s what somebody is trying to do to my Twitter account. Worse, there is nothing I can do about it, because Twitter appears to be unprepared for this (rather obvious) scenario.

Here’s the error message that I got when I tried to login – once – after dinner tonight:

2009-02-25-twitter-security

Locked out!

We’ve temporarily locked your account after too many failed attempts to sign in. Please chillax for a few, then try again.

So rather than have a way for me to contact Twitter about the unauthorized access to my account, rather than have a way for me to change my password, Twitter has the advice to “chillax.”

I would tweet about this as well, but I’m locked out and without options. Lovely.

9 Replies to “* Major #Twitter Security Bug”

  1. What happened in the end? Did it unlock itself? I have the same problem because of a malfunctioning Twitter add-on. 🙁

  2. Twitter must have a very novice operations staff. They do stuff like this that just pisses people off. The whole “chillax” idea shows that they don’t respect the time of the people using Twitter. They don’t give you any idea how long to “chillax” for, and you know any new attempt that is done too quickly is just making things worse.

  3. Wow, annoying is right. There’s no way to know how long to #*$!ing ‘chillax’, and no way to know if repeated tries re-sets the lock clock.

    Pretty damned amateur, but that’s not really surprising with Twitter.

  4. If you reenter pass you can enter direct, but after you close your session & try to back, the message appears again… I have 3 days with this problem

Leave a Reply

Your email address will not be published. Required fields are marked *