All it takes is for one of these Twitter mashup clients that saves your login info to sell that info to the highest bidder. I think it's always important to know and trust where you login to any service.
Adult Television
· 9 months ago
how did they get access to those twitter accounts, was it a case of bruteforcing or a security hole in twitter.
Fortunately the link being posted looks spammy enough, so I don't think most people woudl click it.
gkrew
· 9 months ago
Could it be that perhaps they were sent via SMS spoofing instead of actually hacking the accounts?
Eric
· 9 months ago
ouch, that is bad news
swag
· 9 months ago
In a way, it's good for Twitter. Spam and abuse is the validation of your medium.
Kun
· 9 months ago
Very bad news indeed. Just found my Twitter account has completely vanished! No trace of my of friends lists, nor can I login... :( This is bad.
mashable
· 9 months ago
I have no new info on this, but is it possible that clicking the link launches some kind of XSS attack, the same as the one in January?
It is much more likely that it is a XSS attack than a password theft issue. You can currently access protected updates by grabbing the stream using an HTTP GET to http://twitter.com/statuses/friends_timeline.json from javascript running on any page a signed in user visits. This might have been solved, but not as far as I know.
Rovaal
· 9 months ago
Hi Adam and thanks for sharing, I had a good laugh!
Those Twitter dudes sure don't look like no 23 y.o. female to me :)
Thanks again,
Rov.
xyborg
· 9 months ago
It could be malware too, we have "koobface" which send messages over Facebook, and maybe it's a variant for Twitter. The bad guys are always looking for new popular sites where spread their software.
xyborg
· 9 months ago
Sorry for the double posting. I just did a search and found that it's the same domain used for koobface days ago on Facebook.
thanks for that ... updated the post with your info.
Ari Herzog
· 9 months ago
Interesting. If you run a whois search on the domain - http://whois.domaintools.com/chatwebcamfree.com - you see it has a WhoisGuard address of "8939 S. Sepulveda Blvd. #110 - 732" which when googled indicates a lot of scams. Not to mention, this domain is apparently expiring in May; so maybe the hacking was a means of bring new investment?
Sam
· 9 months ago
Is it weird that all the hacked accounts seem to have uncommon letters in them? All the ones in the example above have a Z in them, and when I did a TwitterSearch they all had Z, X, J etc. in the name. Coincidence?
fmckinnon
· 9 months ago
Yikes, that's crazy - thanks for the heads up - off to change my p/w.
Dom Sparks
· 9 months ago
Twitter account hacks don't surprise me in the least. I don't know how this was done, but it's not helped by the fact that people are very trusting of twitter-related sites that ask for twitter passwords, regardless of whether they are secure. In general, many web 2.0 sites do not use the 'Padlock' thing anymore, and it's no longer possible for your typical user to tell whether a site is using a secure connection for your credentials (for example, Facebook & Twitter use SSL, whereas Digg's login is plaintext), nor do we know anything about how twitter-related services keep your password secure, or how they communicate with Twitter (http or https). Stuff like this is bound to happen for so long as people give their trust so willingly. My advice, firstly, use a completely different password for all your accounts, and secondly, avoid using services unless they are known to be both trustworthy and secure....
Mario
· 9 months ago
This is quite bad news.. That spammers are getting all the way to twitter and doing stuff like this, quite unacceptable. I hope they will fix problems as this for the future.
Steve
· 9 months ago
I'd also like to know which link in the chain gave way (or was given away) to allow this to happen. Security issues have been an almost daily concern these days across here, techcrunch, etc. It is a little alarming how easily they can be compromised given what some people invest in these sites. I use this* digital security site to keep my activities safe/private.
Top Rated Escorts
· 8 months ago
thanks for sharing ;D always great posts here
diszk
· 7 months ago
lol what a creative people:)
ayme
· 5 months ago
people have to learn to use stronger passwords, with symbols in it for example. people are too easy with passwords for their accounts, ah easy to remember etc, but great for crackers to guess
All Comments
Fortunately the link being posted looks spammy enough, so I don't think most people woudl click it.
http://mashable.com/2009/01/03/warning-twitter-...
Those Twitter dudes sure don't look like no 23 y.o. female to me :)
Thanks again,
Rov.
http://www.facebook.com/topic.php?uid=234747185...