Twitter Flooded With Malicious Messages From Hacked Accounts

Twitter was flooded with malicious posts from thousands of compromised accounts Wednesday that may be linked to breaches in the social network We Heart It and Twitter app for iPhone.

It has just been a day since the redesigned profile homepage for Twitter was launched and it has been hit by a storm malicious posts from hacked accounts. Call it bad timing, but the security breach at the micro-blogging site resulted in thousands of compromised accounts tweeting spammy posts. The attack, which kicked in approximately 2 p.m. PT, appears to be linked to security breaches at third-party sites and apps, ARS Technica reports.

The spam posts by several Twitter accounts contained the tag "via weheartit.com," suggesting users' accounts linked to the social network "We Heart It" were compromised. Some tweets, as reviewed by ARS, appeared to be coming from Twitter for iPhone. The source of the messages remains unidentified, but Twitter and We Heart It have taken precautionary measures to restrain the damage to a certain extent.

Twitter filtered tweets with harmful flag and issued a warning when users tried accessing the linked site. The malicious tweets were not hard to identify as they contained words that are usually spam, such as "If I didn't try this my life wouldn't have changed." Accompanying the message would be a link that redirected users to a Women's Health site promoting a "miracle pill" that helps shed some flab weight. Anyone who has come across spam emails and ads will be able to identify the malicious tweets.

Twitter strictly warns users by flagging these links as unsafe. Researchers haven't concluded if the malicious site attempts to install malware on visitors' computers or if they secretly gather personal information about the user.

We Heart It, a social network for sharing content, turned off sharing on Twitter after the massive spam run. We Heart It first enabled Twitter sharing feature in January, letting people post content automatically without actually leaving the site.

We've temporarily disabled sign-in and sharing via Twitter while we look into an issue. Please sign-in via email in the meantime.

- We Heart It (@weheartit) April 23, 2014

In an email statement sent to ARS Technica, We heart It President Dave Williams said they were working to overcome the problem.

"We are definitely seeing some malicious activity which we have now blocked and are investigating further," Williams said. "Unfortunately I don't have any other information I can share at this point."

Tags
Twitter, Messages, Hacked, Accounts
Real Time Analytics