Twitter phishing scam exposed

If one of your Twitter friends posted an update about TwitViewer.net yesterday and you followed the link, now would be a good time to change your password.

The Twitter-meme going around said something like: "Want to know who is stalking you on Twitter?" and the site promised to show you who had recently visited your profile page. Step 1: Enter your Twitter username and password.

A few hours after this message was being RTed all over the Twitter-sphere, the official Twitter spam account (which you should be following, by the way) posted this update: "If you gave your login and password info to TwitViewer, we strongly suggest you change your password now. Thanks!"

The site is gone now, so no more harm can be done, but if you entered your info please do change your password if you haven't done so already.

You might wonder why anyone would offer up their login info like this. Aside from some users just being careless, part of the problem has to do with the history of Twitter. In the early days, when Twitter was still pretty small, there was no alternative way for a 3rd party site to access your data safely, and Twitter was just a lark, so people would give up their username and password in order to get an interesting statistic or third party feature. It seems old habits die hard.

These days reputable 3rd party Twitter webapps use OAuth, a technology that lets you give a 3rd party app access to your data without handing over your password. When you use an OAuth-based service for the first time, you'll see a screen asking you to Allow or Deny access to your data. Once you click on Allow, you can take advantage of that 3rd party application safely, and it will have access to your data until further notice. If you change your mind, you can revoke access on your Twitter profile's Connections page.
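The Allow/Deny and revoke flow described above, as an added example that is not code from the original article or from Twitter. It is a simplified model of delegated access, not the real OAuth wire protocol: the `Provider` class, `sign` helper, app name and sample credentials are all hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import secrets


class Provider:
    """Toy stand-in for the service (hypothetical class, not Twitter's API)."""

    def __init__(self):
        self._passwords = {}   # user -> password, known only to the provider
        self._grants = {}      # token -> (user, app, token_secret)

    def register(self, user, password):
        self._passwords[user] = password

    def authorize(self, user, password, app, allow):
        """The Allow/Deny screen: the user logs in at the provider, not at the app."""
        if not hmac.compare_digest(self._passwords.get(user, ""), password):
            raise PermissionError("bad credentials")
        if not allow:
            return None
        token, token_secret = secrets.token_hex(16), secrets.token_hex(32)
        self._grants[token] = (user, app, token_secret)
        return token, token_secret          # the app receives only these

    def revoke(self, user, app):
        """The Connections page: drop every grant this user gave this app."""
        self._grants = {t: g for t, g in self._grants.items()
                        if (g[0], g[1]) != (user, app)}

    def api_call(self, token, method, path, signature):
        grant = self._grants.get(token)
        if grant is None:
            return None                     # unknown or revoked token
        user, _app, token_secret = grant
        expected = sign(token_secret, method, path)
        return user if hmac.compare_digest(expected, signature) else None


def sign(token_secret, method, path):
    """Sign a request with the token secret (simplified; real OAuth signs more fields)."""
    msg = f"{method}&{path}".encode()
    return hmac.new(token_secret.encode(), msg, hashlib.sha256).hexdigest()


def demo():
    provider = Provider()
    provider.register("alice", "correct horse")           # constructed sample data
    token, secret = provider.authorize("alice", "correct horse", "stats-app", allow=True)
    before = provider.api_call(token, "GET", "/followers", sign(secret, "GET", "/followers"))
    provider.revoke("alice", "stats-app")                 # password stays unchanged
    after = provider.api_call(token, "GET", "/followers", sign(secret, "GET", "/followers"))
    return before, after
```

The app only ever holds the token and its secret, so revoking the grant cuts it off without a password change; a site that collected the password itself can only be locked out by changing that password.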

If Twitter has become an important networking tool for you, you owe it to yourself to be careful. Don't use 3rd party websites unless they use OAuth!

And while we're on the topic of Twitter, the new home page that was being talked about last week is now live. New users (or users not logged-in) arriving at http://twitter.com will now find a search box and lists of popular topics for the day, week and month. It dismisses the goofy "I just ate a donut" vibe and exposes more of what Twitter is all about. I think they did a nice job.

The new Twitter homepage
