Home » Featured » Twittor – Launched & Hacked in 2 Hours (Password was: 123123123…)

Twittor – Launched & Hacked in 2 Hours (Password was: 123123123…)

Update: Site was taken down until the issues are fixed and now displaying this on the homepage:

twittor

The Main Story:

A new and seemingly nice service was launched today and published on Reddit, this service is called Twittor – basically an onion based twitter, this was the launch post on Reddit:

reddittwit

We registered to have a look around this service and moved on without giving it too much attention, although the idea is nice and we planned to follow up on it at later.

2 hours later we found this post on the same thread replying to this post: “sounds interesting but what makes this any better than the hub?”, it was from those kind of posts we became so familiar with lately pointing out security issues, and even worse, posting the plaintext password of the main site account (although its not a backend admin account, the fact he could get ANY password is bad enough):

twi2

Nothing. its much worse. its basically the hub with twittor trying to profit by selling verification for vendors in the future.

their security is awful

id,login,password,subs,followers,desc_tiny,img,pubkey,valid,verified

Twittor|f5bb0c8de146c67b44babbf4e6584cc0

plaintext: 123123123

this is why you don’t reuse passwords

We went out to verify this info and what do you know… we were logged in a minute under the main account of this site:

twittor

From our previous login to the site using out test account, we were able to confirm that this is indeed the main account of this site.

Sure, no harm was done (yet) in this case but surely it might be a good idea for the admin to fix these issues before introducing it to the public – especially when its meant to serve vendors and marketplace owners as a way to communicate and keep their users updated with the latest news.

Read the full discussion on Reddit, here: http://www.reddit.com/r/DarkNetMarkets/comments/1yn3ui/introducing_twittor/

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

3 comments

  1. I appreciate these guys….The only thing that will keep marketplaces and other forums from scams are self regulations. That’s the only way we’ll ever be able to protect ourselves from getting taken by people who only want to make some quick cash and don’t really appreciate what the darkest is there for in the first place….

  2. PFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFT

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>