Tens of thousands of Twitter accounts hijacked

by Dave Larson on July 11, 2011

Share this tweet with anyone you know who may have been hacked! Read this post in Portuguese at bottom:

Tens of thousands of Twitter users fell and are still falling for scam DMs that hijack their accounts and send out more spam. Unsuspecting Twitter users have clicked links in DMs such as:

  • “see who stalks you on Twitter”
  • “this is something you might like to see…”
  • “$3,000 to $8,000 a month working from home”
  • “You have been sent a e-Card”

and many others.

Common Twitter scams include:

  1. Hijacked Accounts: The hijackers typically use your account to send out DMs or tweets to ensnare others.
  2. Imposters: Imposter accounts impersonating well-known people are set up all the time. Sometimes they are mistaken for the real people, and even make the news.
  3. Worms: Twitter has been plagued by worms, which spread messages encouraging users to click malicious links. When one user clicks, his account is infected and used to further spread the message. Soon his followers and then their followers are all infected.
  4. Phishing: Hijacked Twitter accounts are used to send phishing messages, which instruct users to click links that point to spoofed sites, where users will be prompted to enter login credentials, putting themselves at risk of identity theft.

If you think you have been hacked, you must visit http://bit.ly/BlockBadApps and read http://bit.ly/IfTwitterHacked.

 

Portuguese Translation by @HugoFeijo

TRANSLATION of the text above:

Tens of thousands of Twitter users have fallen and continue to fall for DM scams that hijack their accounts and send out more spam. Unsuspecting Twitter users have clicked on links in DMs such as:

  1. “see who stalks you on Twitter”
  2. “this is something you might like to see…”
  3. “$3,000 to $8,000 a month working from home”
  4. “You have been sent a e-Card”

and many others.

  1. Hacked accounts: Account hijackers typically use your account to send DMs or tweets to deceive others.
  2. Impostors: Impostors imitating well-known people are set up all the time. Sometimes they are mistaken for the real people and even make the news.
  3. Worms: Twitter has been infested by worms, which spread messages encouraging users to click malicious links. When a user clicks, their account is infected and used to spread the message further. Soon their followers and their followers' followers are all infected.
  4. Phishing: Hacked Twitter accounts are used to send phishing messages, which instruct users to click links pointing to cloned sites, where users will be prompted to enter their login passwords, putting themselves at risk of identity theft.

If you think you have been hacked, you should visit the following sites:

http://bit.ly/BlockBadApps and read http://bit.ly/IfTwitterHacked.

8 comments

Ileane July 11, 2011 at 11:44 AM

Good looking out!
I rarely look at DMs with links unless I’m expecting something from a friend that we already discussed in the public timeline.
Thanks Dave.

John Soares July 11, 2011 at 10:48 AM

What about clicking on links in Tweets, which most of us do all the time? I understand a link can be to a malicious site, but can our Twitter accounts be hacked that way?

Kimmo Linkama July 11, 2011 at 9:50 AM

I’m not sure but it seems to me that you’re only exposing yourself to hacking if you click on links. That’s why it’s a good idea never to click on links in DMs. I may be paranoid, but I never act on DMs other than those that come from people I know.

cyd July 11, 2011 at 9:40 AM

Well, er, umm… “max” is a little off. I received a DM from a friend and their message said that I was mentioned in a blog. Of course, I clicked on it and it was not a legit site. My friend’s acct was hacked and then I helped to perpetuate the situation. Neither one of us gave anyone permission to send DMs on our behalf. And we certainly didn’t give out our user names and passwords.

max July 11, 2011 at 2:08 AM

While everyone is talking hijacked accounts… I personally think there’s a lot of hype to this. I know for certain that hijacking accounts and DMs is only possible with the other party entering their username, password and giving the using party permission to send DMs on their behalf!

Get real: if you give someone permission to send DMs on your behalf then that’s your call!

Xai July 12, 2011 at 3:42 AM

I have had my account hijacked and have not given ANYONE or other party permission to DM on my behalf. It is so annoying having my account used to advertise someone’s web page by sending tweets as though I did it!

ايفون July 11, 2011 at 2:03 AM

thanks for the warning

John July 11, 2011 at 1:42 AM

It’s about time Twitter started to detect and block auto DMs and malicious tweets. It can’t be that hard to implement.
