File it under "irony" or "misguided," but executives at some of the world's largest IT security companies willingly gave up Twitter passwords while registering for a security event, according to The Register.
RSA's invitation-only Executive Security Action Forum (ESAF), taking place on Feb. 29 in San Francisco in conjunction with the RSA Conference, asked those registering online for their Twitter credentials to assist in social media outreach. However, the page asks not only for Twitter handles but also for plaintext passwords. Additionally, The Register reports that the site does not use OAuth-enabled single sign-on, the standard that websites can use to allow Twitter logons without endangering security.
The consequence is that a database with Twitter account passwords belonging to IT security executives from Global 1000 companies and government likely exists on the RSA site. The ESAF has not yet responded to a request for comment.