It's yet another day on which Twitter has lost the battle against spammers. Mobile security researchers saw an increased number of spam emails sent from Twitter accounts to everyone in those accounts' contact lists.
When one of our researchers found a spam email in his personal mailbox, he was surprised. Even I received a spam email from one of our researchers. When I contacted him, he told me that he hasn't used his Twitter account for a long time. So the question is: how did the spammer get his password? I can think of two different reasons why this might have happened.
1. These accounts were part of the earlier breach, when Twitter was compromised a couple of months ago.
2. A new compromise has taken place that Twitter hasn't disclosed to anyone yet.
When we examined the compromised account, we saw that an email had been sent out with a link pointing to a domain on the Malware Domain List. The following day, Twitter wiped all the mails with the malicious link from my sent folder without any notification being sent to the user. This means anyone who clicked on that link was compromised, and Twitter kept the compromise a secret.
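The check described above, an outbound message whose link resolves to a domain on a blocklist such as the Malware Domain List, is easy to automate. The following is an added example written for this post, not code from the original article or from Twitter: it extracts URLs from a message body, normalises the host (userinfo, port and trailing dot stripped), and matches it against a domain-per-line blocklist, treating subdomains of a listed domain as hits while respecting label boundaries. The blocklist entries and the sample message are constructed for the example; the real Malware Domain List publishes its own file formats, so adapt `load_blocklist` to whichever one you download.

```python
import re
from urllib.parse import urlsplit

# Constructed sample blocklist in a simple "domain  comment" format.
# These names are made up for the example and are not real MDL entries.
SAMPLE_BLOCKLIST = """
# domain            comment
bad-example.test    fake AV download
evil.example.net    redirector
"""

# Constructed sample message, standing in for the spam that went out
# from the compromised account.
SAMPLE_MESSAGE = """Hi, check this out: http://cdn.bad-example.test/free.exe
also www.safe.example.org/page and https://user@evil.example.net:8443/x?y=1.
"""

# Loose URL matcher: absolute http(s) URLs and bare "www." hosts.
URL_RE = re.compile(r"""(?i)\b(?:https?://|www\.)[^\s<>"']+""")


def load_blocklist(text):
    """Parse a domain-per-line list; '#' starts a comment, extra columns are ignored."""
    domains = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        domains.add(line.split()[0].lower().rstrip("."))
    return domains


def extract_urls(body):
    """Pull URLs out of free text, dropping trailing punctuation from the sentence."""
    urls = []
    for m in URL_RE.finditer(body):
        u = m.group(0).rstrip(".,;:)]")
        if u.lower().startswith("www."):
            u = "http://" + u  # give urlsplit a scheme so it sees a host
        urls.append(u)
    return urls


def hostname_of(url):
    """Registered host only: urlsplit lowercases and strips userinfo and port."""
    host = urlsplit(url).hostname
    return host.rstrip(".") if host else None


def is_blocked(host, blocklist):
    """True if host or any parent domain is listed (a.b.bad-example.test -> bad-example.test).

    Matching walks whole labels, so notbad-example.test does not match bad-example.test.
    IDN hosts are compared as given; apply .encode('idna') first if your list is punycode.
    """
    labels = host.split(".")
    for i in range(len(labels) - 1):
        if ".".join(labels[i:]) in blocklist:
            return True
    return False


def scan_message(body, blocklist):
    """Return (url, host) pairs in body whose host is on the blocklist."""
    flagged = []
    for url in extract_urls(body):
        host = hostname_of(url)
        if host and is_blocked(host, blocklist):
            flagged.append((url, host))
    return flagged


if __name__ == "__main__":
    bl = load_blocklist(SAMPLE_BLOCKLIST)
    for url, host in scan_message(SAMPLE_MESSAGE, bl):
        print(f"BLOCKED {host}: {url}")
```

Run against the sample, the script flags the two links on listed domains and leaves the `safe.example.org` link alone. The `user@` and `:8443` decorations in the second link are the kind of thing spam uses to make a hostname look different at a glance; `urlsplit().hostname` discards both before the comparison.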
The following day, the legitimate twitter.com sent an email from some xyz email id, which appeared suspicious ( ), saying the account has possibly been compromised and the password has to be changed. This shows that Twitter was aware of this issue, or that after they identified it they suspected account compromise.
It will be interesting to see how many users were compromised.
In the early days, before Twitter introduced its API, Twitter was a spamming machine. Later they also acquired a small Silicon Valley company to fight spam. However, it appears that they have still failed to stop the spammers.
I will post a few countermeasures to help prevent accidentally clicking bad links in my next post.