March 6, 2009 2:55 PM PST

Expert: Twitter accounts hijacked in new attack

by Elinor Mills

This is the malicious tweet that links people to a dubious Web site, Trend Micro says.

(Credit: Trend Micro)

Twitter users looking for a little entertainment on a boring Friday may want to go elsewhere to get their fix.

A new attack was hijacking Twitter users Friday, with at least 700 accounts being compromised in two hours beginning at about 11 a.m. PST (7 p.m. GMT), security researcher Rik Ferguson wrote on the Trend Micro blog.

Victims are clicking on a link in a tweet that lures them with the promise of chatting with a 23-year-old woman on a Webcam.

"It appears that there is a rash of Twitter account hijacking going on this evening," Ferguson wrote.

"Obviously we recommend against clicking on this link, it leads to a porn Webcam portal which looks to have been designed with credit card harvesting in mind," he wrote. "Affected users should change their password to a secure one as soon as possible."

Twitter co-founder Biz Stone confirmed the attack and said the company had reset the passwords of the compromised accounts and removed the "spammy updates." "Today we discovered about 750 Twitter accounts were broken into and had a link to a webcam site posted on the accounts," he wrote on his blog. It appears other sites and services have been affected by a similar attack.

Stone urged people to use strong passwords for their Twitter accounts and not to share passwords with anyone.

Twitter fended off a series of clickjacking attempts last month in which users were tricked into sending out spam tweets.

Updated 4:25 p.m. PST with Twitter comment.

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press.
by JCPayne March 6, 2009 9:08 PM PST
All of the Instant Messaging companies (except AOL IM because it has the "WARN" feature) have ignored for years the mass spamming methods where people tell you... to come and click on their website so you can join them etc.... It only seems natural that they would target other services next.
by stoneman57 March 8, 2009 11:06 AM PDT
Any fool that clicks on a link in a message like that DESERVES whatever they get. THAT is an OBVIOUS malicious message and link. It's truly unbelievable how gullible & stupid some people are, not to mention perverted!
by Mnithin March 8, 2009 11:50 AM PDT
This is disgusting. Though ppl are aware of the fact that such sites do exist where our passwords get compromised. It's total foolishness on our part. They should be aware that malicious messages do exist everywhere.
by henrikflensborg March 8, 2009 11:25 PM PDT
750 compromised accounts is really nothing compared to the number of accounts that would be affected by the countless Twitter services that *require* your Twitter name and password in order to work.

It only takes one bad apple amongst the Twitter services companies - right down to just *one* employee with less than stellar ethics - or just one Twitter services company getting hacked or otherwise compromised to have an outbreak