“hey! 23/Female. Come chat with me on my webcam thingy” attack on Twitter

Can’t believe this hasn’t been picked up by the major blogs yet, but I’m seeing a lot of friends having their twitter account compromised with this unauthorized tweet:

hey! 23/Female. Come chat with me on my webcam thingy here www.chatweb*********.com

(redacted by me).

A quick search on Twitter Search shows this is happening to a very large amount of people. (If you do visit the site, be aware it’s NSFW).

How is this happening?

The most likely vector of this attack is probably via one of the numerous 3rd party Twitter services that ask for your username and password in order to provide additional functionality (statistics, alerts, etc).

It’s unlikely that any reputable service would have done this intentionally, but very likely someone was able to maliciously gain access to their database and steal all of the twitter username/passwords. Because these services must authenticate with Twitter directly it’s not possible for them to store the passwords hashed.

The answer to this is oAuth, which Twitter is in the process of launching.

A most recent check of Twitter search shows that the last message was posted 2 hours ago of the time of writing, which probably means Twitter put a stop to this – presumably by blocking any posting of the specific string of text. That doesn’t mean the attackers won’t try again with a different message

My advice is:

• Change your password, especially if you have been attacked by this.
• Never use the same password you keep for Twitter anywhere else
• Limit the number of sites you put your Twitter username/password into.
• Change your password often to stop old sites you don’t use still having access to your account