Twitter was flooded by an avalanche of spam from compromised accounts, leading to shortened links and pages promising miracle weight loss, diet pills, and products which would “change lives”. The attack appeared to have come via a third-party service connected to Twitter.
The attack, which began around 2pm Pacific Time according to CNET’s report, appeared to be linked to third-party sites and apps connected to Twitter.
Ars Technica reported that early in the attack, every one of the Tweets carried the tag “via weheartit.com,” an image-sharing and promotion site.
Twitter flagged the links in the spam as unsafe. CNET described one as leading to pages which spoofed Women’s Health magazine and included phrases such as, “If I didn’t try this, my life wouldn’t have changed.” Another page offered a “miracle pill” for weight loss.
Ars Technica reports that researchers have yet to analyze the link to see whether it attempts to install malware, but Twitter has flagged it as unsafe. The page referred to “garcinia cambogia,” a fruit extract often used in weight loss supplements and a favourite “miracle diet cure” of spammers.
Representatives of We Heart It Tweeted, “We’ve temporarily disabled sign-in and sharing via Twitter while we look into an issue. Please sign-in via email in the meantime.”
Time magazine commented that the attack showed the potential for “cascading” attacks online, as attackers enter via one service to attack the users of another.
Ars Technica’s Dan Goodin comments, “The incident is a potent reminder of how a security lapse of one site or app maker can cascade over to other sites and the millions of people who visit them. We Heart It, which in December said it had 25 million monthly users, allows users to share content directly on Twitter without leaving the site, presumably by using the OAuth authentication mechanism to link accounts between the two sites.”
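The cascade Goodin describes comes down to one property of OAuth-style account linking: the third-party app holds a long-lived access token for every account linked to it, so whoever controls the app's token store can post as all of those users at once. The following toy model is an added illustration, not code from the article, from We Heart It or from Twitter, and it does not use the real Twitter API. The names `Provider`, `ThirdPartyApp`, the client id `weheartit.example` and the spam text are all constructed for the example. It shows the blast radius of a compromised app, the provider-side kill switch of disabling that app's client (the equivalent of We Heart It disabling Twitter sign-in and sharing), and why linking with read-only scope limits the damage.

```python
"""Toy model of OAuth-style account linking between a provider (a stand-in
for Twitter) and a third-party app (a stand-in for We Heart It).
Constructed example: it models the trust relationship, not any real API."""
from dataclasses import dataclass, field
import secrets


@dataclass
class Provider:
    # access token -> (client_id, user, scopes) issued at authorization time
    tokens: dict = field(default_factory=dict)
    revoked_clients: set = field(default_factory=set)
    timeline: list = field(default_factory=list)

    def authorize(self, client_id: str, user: str, scopes) -> str:
        """User approves the app once; the app keeps this token server-side."""
        token = secrets.token_hex(16)
        self.tokens[token] = (client_id, user, frozenset(scopes))
        return token

    def post(self, token: str, text: str) -> bool:
        """Post on behalf of the user the token was issued for."""
        entry = self.tokens.get(token)
        if entry is None:
            return False
        client_id, user, scopes = entry
        # A disabled client cannot act for anyone, whatever tokens it holds;
        # a read-only token cannot write even if the client is healthy.
        if client_id in self.revoked_clients or "write" not in scopes:
            return False
        self.timeline.append((user, text, f"via {client_id}"))
        return True

    def revoke_client(self, client_id: str) -> None:
        """Provider-side kill switch: every token issued to this app dies at once."""
        self.revoked_clients.add(client_id)


class ThirdPartyApp:
    def __init__(self, client_id: str, provider: Provider):
        self.client_id = client_id
        self.provider = provider
        self.linked: dict = {}  # user -> access token stored by the app

    def link(self, user: str, scopes=("read", "write")) -> None:
        self.linked[user] = self.provider.authorize(self.client_id, user, scopes)

    def share(self, user: str, text: str) -> bool:
        return self.provider.post(self.linked[user], text)


def simulate_cascade(n_users: int = 5) -> dict:
    """Compromise the app's token store and measure what an attacker can do
    before and after the provider disables the app. Returns counts."""
    twitter = Provider()
    app = ThirdPartyApp("weheartit.example", twitter)
    for i in range(n_users):
        app.link(f"user{i}")                       # default: read + write
    app.link("readonly_user", scopes=("read",))    # least-privilege link

    # Attacker who has copied the app's token store (constructed scenario).
    stolen = dict(app.linked)
    spam = "If I didn't try this, my life wouldn't have changed http://short.example/x"

    posted_before = sum(twitter.post(tok, spam) for tok in stolen.values())

    # The app (or provider) pulls the plug on the client while investigating.
    twitter.revoke_client("weheartit.example")
    posted_after = sum(twitter.post(tok, spam) for tok in stolen.values())

    return {
        "linked_accounts": len(stolen),
        "spam_posted_before_revocation": posted_before,
        "spam_posted_after_revocation": posted_after,
        "timeline_entries": len(twitter.timeline),
    }


if __name__ == "__main__":
    print(simulate_cascade())
```

Two things the model makes concrete: the attacker never needed any user's Twitter password, only the app's stored tokens, and the only fast remedy is on the provider or app side (disable the client), not per-user. The read-only link is the least-privilege version of the same integration; an image-sharing feature that only needs to read a profile should not hold a write token at all.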