Twitter hit by massive wave of malicious messages
Messages sent by hundreds of accounts testify to dramatic weight loss and link to same suspicious site pedaling diet pills.
Hundreds of Twitter accounts appear to have been hijacked Wednesday to deliver a tidal wave of malicious messages.
The attack, which seems to have begun at about 2 p.m. PT, featured messages testifying to dramatic weight loss and life-changing events, such as, "If I didn't try this my life wouldn't have changed." An accompanying link led to a Women's Health magazine spoof site promoting a "miracle pill" for weight loss.
It wasn't immediately clear if the page was trying to install malware or perform some other nefarious task, but Twitter wasn't taking any chances, warning readers that the link had been flagged as potentially harmful.
The source of the attack wasn't immediately clear either. The attack appeared to be related to security breaches at third-party sites and apps, according to Ars Technica's Dan Goodin. He noted that early versions of the messages included the tag "via weheartit.com," leading to speculation that the accounts had some connection to the social network.
We Heart It told Ars Technica that it had identified malicious activity on the network and was investigating. The social network announced in a tweet that it had temporarily disabled sign-in and sharing via Twitter.
CNET has contacted Twitter for more information on the messages and will update this report when we learn more.
The attack appears similar to one that hit thousands of Hootsuite accounts last September and featured the same diet product. The popular platform for social-media management said that about 7,000 accounts, less than .01 percent of its user base, were affected by unauthorized access through a third party using OAuth, an authentication mechanism that allows third-party access without sharing login credentials.