Twitter should do something about their security, it's ridiculous.

I once had a big customer that had their CC's stolen off their site, several times, and that server was hardened to the max. We even got the FBI involved if I remember correctly and nobody could ever figure it out as it was NOT coming from any unknown source, only the client IPs ever accessed the CCs. Couple of years later some hacker in Canada got busted and I later learned that he had a trojan on a machine inside their office and was tunneling in via their IP address which is why we couldn't catch anyone doing anything unusual.

They thought they had a hardened corporate firewall too, guess not!

I knew it wasn't our server at fau

So the idea of a single clean machine that is only used to access critical data, or a twitter account, is not a bad idea if you're a big company like AP.

Human error is the major part of the problem, here. I keep banging the drum to my friends and colleagues over phishing.

Twitter is working on two-stage authentication, but it can't happen soon enough, imho.

Phishing only works on the naive.

Don't click stuff even if you know the sender thanks to Facebook breaches I get phishing attempts from my daughter and her machine is clean, it's just her name on some other email address. You must check everything before trusting it and even then it's not safe.

Check the link before you click it, make sure it's real.

When checking it's still hard to always tell even then as I've seen phishers add subdomains to sites and you see things like "ebay.com.example.com/youreabouttobescrewed.html" which would easily confuse those that don't know what a subdomain is and CLICK!