There was a massive attack of spammy messages on Twitter lately in what seemed like a big time hijack or compromise of accounts. The malicious messages were specifically focused on weight loss statements or life-changing events, along with a link of a spoofed Women's Health magazine that promotes a "miracle" or "magic" pill for weight loss.
The statement goes something like, "If I didn't try this my life wouldn't have changed." It remains unclear if the posts with links intend to install malicious software or to do some malicious tasks, but sure thing if it does, the compromised accounts -not necessarily life itself - would have changed in ways. Regardless, Twitter already warned its members that the link may be harmful.
There were also reports that claim that that there were links that lead to websites that sell health products for women.
Gathered reports say the malicious attacks apparently are related to security breaches involving third-party apps and sites, such as Twitter for iPhone apps and We Heart It site for image sharing and promotion. In fact, tweets viewed by Ars Technica have the tag "via weheartit.com" that led to the speculation.
"We are definitely seeing some malicious activity which we have now blocked and are investigating further. Unfortunately I don't have any other information I can share at this point," writes President Dave Williams of We Heart It.
We Heart It website eventually turned off its features on Twitter, which were enabled sometime in January.
"We've temporarily disabled sign-in and sharing via Twitter while we look into an issue. Please sign-in via email in the meantime," writes We Heart It on its Twitter account.
Subsequently, what added to the confusion was the tweets from the same campaign have tags that showed the transmission was made through Twitter for iPhone app, which is understandably connected to the social networking site.
Sometime in September, recall that Hootsuite accounts were similarly attacked and interestingly featured the same diet pill product
Critics say the hijacking simply shows how security breach in interconnected accounts or interdependent network can bring about a domino of problems for its members or users. The possibility of a faulty login or account authentication credentials was not ruled out as well.
As per Twitter, around 7,000 accounts or less than .01 percent of its user base were victims of the unauthorized access via third party with an OAuth system that permits third-party access without the need to share login credentials. Images that users "heart" are automatically posted to the users' Twitter account as well through OAuth mechanism that links different accounts without the need to leave the site. The heart website has 25 million users.
Compromised Twitter accounts should change their passwords at once and pick one that is strong and uncommon.
We Heart It confirms in its latest blog post as of this writing that the attack started days ago in Australia and no personal information seemed to have been compromised. The disabled sign-in and sharing features were restored as well.
