Updated: Another Twitter Hack in the Wild - Adult Webcam Site Sends Spam Messages
It looks like either Twitter or a third-party Twitter service was hacked today by an adult webcam site. Chances are that you have seen the following message in your Twitter stream at some point in the last few hours: "hey! 23/Female. Come chat with me on my webcam thingy here www.chatwebcamfree.com." The constant stream of messages just stopped as we were writing this story. We have asked Twitter for a response and will update this post as soon as we hear more.
Update 1: According to security firm Trend Micro, the webcam site serves up "an obfuscated JavaScript that loads up porn related advertisments on the browsing computer." It is still not clear how the Twitter users' accounts were compromised, however.
Update 2: Here is Twitter's reaction. Apparently, about 750 accounts were compromised in this attack. Twitter has reset these users' passwords and deleted the webcam tweets. Still no news about how the hackers got a hold of the passwords.
For now, we recommend that you check your updates to see if this message appears in your stream. If it does, you'll probably want to change your password immediately.
Twitter itself has a decent track record when it comes to security (though some celebrities' accounts were hacked a while back), so we assume that this hack originated somewhere else, but for now, it is not clear how these hackers managed to get a hold of all of these users' accounts.
The last Twitter 'hack' turned out to be relatively benign and just exploited a well-known security hole but didn't actually steal users' passwords or direct them to an adult site. Until Twitter's oAuth implementation goes fully live however (Twitter is testing it with a select group of developers right now), users have to hand over their full Twitter credentials to every third-party Twitter service, which could allow a malevolent programmer to easily create a huge database of logins and passwords.
Update 3: looking a bit more into this, it seems like the same scam has appeared on IM services like MSN Messnger and also on Facebook.
Facebook
Comments
Subscribe to comments for this post OR Subscribe to comments for all ReadWriteWeb posts
It’s uncertain yet, whether Twitter itself has been compromised or if it’s yet another example of a third party website being hacked. I’m guessing it’s the latter.
Because of Twitter’s lack of functionality, there’s a huge number of websites offering Twitter related services. Many of these third party websites require the user to give their Twitter user name AND password in order to use the service. Amazingly, users seem only too keen to give their account details to these often unknown providers.
hello buddy how are you dear i read your comment it's great i like it dear i learn alot of things from your comment i hope everyone likes your post dear thanx for this information
=========================
will smith
=========================
adult-