A site is hacking twitter accounts and sending DM's to followers

There's a note up on the Status blog for this.
http://status.twitter.com/post/681965...

I just got one, too - see below:

----
hey! check out this funny blog about you...
http://jannawalitax.blogspot.com/

stevedillard / stevedillard

--
follow me at http://twitter.com/stevedillard
----
I fell for the trick - tried to log in - and then I came to this page to report it, and I couldn't log in. Don't know if I'll have to change accounts or what. Sucks.

Hi. I suggest you change your Twitter passwords immediately if you logged into that site.

Had the same e-mail today. I didn't log in of course so no damage here. The user that sent it to me was "Lucgoose."

I found this interesting page on the net. The writer seems to have tracked the source of this to individuals in China. He supplies the data on this page: http://demidog.blogspot.com/2009/01/b...

Is Twitter doing anything about this I wonder?

John (ZenMoments)

http://twitter.com/Springbaby31 was the account that sent me that same message

Twitter says they're on it, according to http://twitter.com/twitter

I too received a dm...only too late did I see the "don't open" message. Now what???

I just got a DM from this phishing scam as well: jude
r@ockingjude Hey, i found a website with your pic on it... LOL check it out here http://twitterblog.access-l... 2 minutes ago

Perhaps you can send a message to the person you received the DM from and advise them to change their password

I didn't login so I am safe but my follower isn't .. too bad. The message is the same most others are getting too:

Hey, i found a website with your pic on it... LOL check it out here http://twitterblog.access-logins.com/... ryaguy / ryaguy

I fell for it...made a new account but I can't even activate it on my phone because my number is "still in use" on my old account. Ugh, I'm so mad!

I got the email about someone having seen my picture.

You think so? LOL

I tried changing my password. But they beat me to it...I was an hour away from home and was getting text messages from my friends asking me what this blog thing was...that's when I realized my mistake...and by the time I was able to change my password it had been changed already. :(

Wow, I'm such a blonde...I can change my password after all...sheesh, nevermind. Well, I'm pretty happy now :)

May be a dumb question.... I am at a loss though....What would be the payoff of hacking into twitter?

I think it's probably a good display of force, i.e. look at all these people willing to give their logins away. Firefox blocked this hack within the first hour, so pretty much everyone who got 'hacked' after that was guaranteed to not be using Firefox.

If this isn't a good enough reason to switch, I don't know what is.

If you happen to use the same password both on Twitter and on your email account, hackers can gain access to your email, since they can see from your account what your email address is. That would be one possible motive.

So if you believe your Twitter account has been compromised and you use the same password on your email account, I suggest you change your email account's password as well.

You're saying when I logged in from the link I gave away my login? I feel so ignorant to this stuff.

Well I hope that this is now behind us- it looks like the website is now blocked in Firefox and Chrome. I stopped receiving DM's last night- Thanks twitter and @mattcutts for the quick response to the issue and removing the spam from the community.

For those who gave their login info away-
Reset your Twitter password here

You can also learn more about this scam on the twitter blog

i had the same problem. i got a dm from @zoomer33 saying hey look at this funny blog rosalierebyb.blogspot.com. i just blocked him.

hey look at this funny blog http://rosalierebyb.blogspo... received it from @Blogmuse

Basically this thread is becoming a list of people who don't use Firefox or Chrome (or OpenDNS) and don't read their Address Bar. Do you want me to call these people on the phone or something? "Change your password, someone is complaining that you're gullible on the Twitter Get Satisfaction page"?

My account was hijacked this am and sent this out this am.

wow you know how 1 hour ago i got a dm with a blogspot link? I just got a FOLLOWUP from the SAME PERSON:

fixed it.. hehe here is that blog i wanted to show you
http://twitterblogs.access-logins.com...

HAHAHA, so they're now reusing accounts of people who still haven't changed their password.

NICE WORK TWITTER, WHY HAVEN'T YOU BLOCKED 122.136.45.47 IN YOUR FIREWALL YET?

dig twitterblogs.access-logins.com

;; QUESTION SECTION:
;twitterblogs.access-logins.com. IN A

;; ANSWER SECTION:
twitterblogs.access-logins.com. 3600 IN A 122.136.45.47

;; Query time: 1297 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Sun Jan 4 15:29:24 2009
;; MSG SIZE rcvd: 64

ALSO that one asks for a facebook login lol this is KOOBFACE LIKE

http://latimesblogs.latimes.com/techn...

if you have the app, change your mac address as well

Hello

@alix1 cannot log into her account. She reset her password after the hackers sent DMs from her twitter. An email was suppose to be sent to her (she did the 'forgot password' option at the login) but she never received it. Can someone help?

I was hit by 15 accounts. What I don't get is why twitter doesn't disable links like myspace does. All I can do is to block the profile that sent me the link, manually, it is a royal pain. I didn't click on the redirect this time. I saw the url when it said http://twitterblog.access-logins.com/...

This needs to be fixed RIGHT NOW. This is amazing that it keeps happening. I have gotten so many requests to go this site and enter in my log in information.

I looked at the site and have a question:

<quote>input name="authenticity_token" type="hidden" value="f7a20c1d5e391eea6e3eb98c48b4e7cb8e36346a"</quote>

if Twitter revoked that key wouldn't that solve the problem?

I am not login to that site. I am change my password in twitter dashboard. I have tell to my friend not to login to that site. but i am, my self, i the one that already hack, i change my password, and they said that i enter wrong curent password. Please, reset my password.
I dont get any email to reset my pass.

I don't recall visiting any of these sites, but it is certainly possible I did. They changed my password and email.
http://www.twitter.com/wadeng is my account, prior email was wade@newgrounds.com.

Here is the new phishing link I received.. it is attempting to access twitter and facebook passwords...

They Suck!!

via Twitter to me
show details 8:33 PM (33 minutes ago) Reply

Check out this blog type website. you need to see it.. http://bloggertwit.access-logins.com/...

Here is a new version of the message "Check out this blog type website. you need to see it.. http://bloggertwit.access-logins.com/..."

Looks like the same people trying to scam login info.

Be careful.

So I made a filter in Gmail - *@postmaster.twitter.com
Test the search you will see something like 800 messages. On the next step select Skip the Inbox and Mark It read I made a label Called Twitter that way I can still pull up all my twitter email.

ALWAYS notice the text right before .com if it is not something you notice do not click on it.

I got a message in my email that my twitter account is linked to and they said a blog had started about me and I went there and than it was an error page.