Twitter hit by massive wave of malicious messages

Messages sent by hundreds of accounts testify to dramatic weight loss and link to same suspicious site pedaling diet pills.

twitterwarning.jpg
Twitter users attempting to click on any one of hundreds of messages advertising dramatic life or weight changes are receiving this warning instead. Twitter

Hundreds of Twitter accounts appear to have been hijacked Wednesday to deliver a tidal wave of malicious messages.

The attack, which seems to have begun at about 2 p.m. PT, featured messages testifying to dramatic weight loss and life-changing events, such as, "If I didn't try this my life wouldn't have changed." An accompanying link led to a Women's Health magazine spoof site promoting a "miracle pill" for weight loss.

It wasn't immediately clear if the page was trying to install malware or perform some other nefarious task, but Twitter wasn't taking any chances, warning readers that the link had been flagged as potentially harmful.

The source of the attack wasn't immediately clear either. The attack appeared to be related to security breaches at third-party sites and apps, according to Ars Technica's Dan Goodin. He noted that early versions of the messages included the tag "via weheartit.com," leading to speculation that the accounts had some connection to the social network.


We Heart It told Ars Technica that it had identified malicious activity on the network and was investigating. The social network announced in a tweet that it had temporarily disabled sign-in and sharing via Twitter.

CNET has contacted Twitter for more information on the messages and will update this report when we learn more.

The attack appears similar to one that hit thousands of Hootsuite accounts last September and featured the same diet product. The popular platform for social-media management said that about 7,000 accounts, less than .01 percent of its user base, were affected by unauthorized access through a third party using OAuth, an authentication mechanism that allows third-party access without sharing login credentials.

 

Join the discussion

Conversation powered by Livefyre

Don't Miss
Hot Products
Trending on CNET

HOT ON CNET

Delete your photos by mistake?

Whether you've deleted everything on your memory card or there's been a data corruption, here's a way to recover those photos.