Hacked Off with Twitter Spam

30 10 2009

Thousands of Twitter users have had their accounts hacked in the past three days. The hackers have used the accounts to send a deluge of direct messages with links to diets, sites offering colonic irrigation and the inevitable porn. It appears that affected users have been the victims of a phishing attack; they have been tricked into giving out their passwords either by registering for a dodgy Twitter application or by being presented with a fake Twitter login page.

The best response would usually be to change the password on your account, but Twitter has recently reported that users are being locked out of their accounts after trying to reset their passwords or change their email addresses or user names. It is not impossible that these two events are connected as part of a coordinated attempt to take control of user accounts.

The best defense at the moment appears to be to go to the connections tab in your Twitter settings page and ‘revoke access’ for applications that are listed. Only leave access for applications that you know and trust. If a pattern emerges as to the applications that are being used to hack accounts, this will help identify the source of the attack.
