Twitter’s latest hack attack comes in the form of spammed tweets touting diets or weight-loss plans with shortened URLs that lead to diet-related sites.
The origin of the latest hack could be a result of recent phishing attacks that cracked actual twitter accounts through direct messages, or a third-party tapping into the social media giant’s API system.
API (Application Programming Interface) enables programmers to create applications, websites, widgets, and other projects that interact with Twitter.
Regardless of the origin, Twitter yesterday put out this alert through http://twitter.com/safety:
“If you see a message touting a diet/weightloss plan, disregard; we’re pushing out password resets for affected accounts,” Twitter states.
The tweets could say something like – “I lost 20 lbs in 2 weeks!” – then links to diet sites.
Internet security experts urge you to change your password immediately if you have been affected.
Sophos.com reminds Twitter users they also can revoke access to the Twitter API “for any applications you are using and re-register them. If the criminals who have stolen your credentials still have API access they can continue to impersonate you.”
Do you have to use the API or will it automaticly just start posting to your account?