Posted August 26, 2009 9:56 am by with 6 comments


If you ever see a Twitter pop-up message that looks like the following:

RUN! Close down your browser, turn off your computer, do not pass “Go”, do not collect $200!

Why such panic? Because, if you ever see a pop-up similar to that above, it may not be as innocuous as the one created by the guys over at Dave Naylor’s blog. In fact, someone with half an ounce of tech savvy could

…make a Twitter ‘application’ and start sending tweets with it. Using the simple instructions below, it can be arranged so that if another Twitter user so much as sees one of these tweets – and they are logged in to Twitter – their account could be taken over.


Twitter confirmed that the exploit had been fixed, but apparently no one over at Twitter thought to contact Naylor’s team to learn exactly how they had exploited the web interface, because even after the fix they were able to replicate it.

If you’re using a third-party application to send and read Tweets, you should be safe. Other advice includes:

  • If you’re not logged in to Twitter, there’s no opportunity to steal your details or impersonate you; however, malicious code could still send you to other websites or otherwise annoy you, so logging out doesn’t completely fix the problem.
  • Unfollow anyone you don’t know or don’t trust that could be exploiting this. Who’s to say they’re not already stealing your details? If you don’t see their tweets they can’t harm you.

Let’s hope that Twitter gets a real fix in place soon.

  • Oh my dear Twitter… You are in trouble again? Not so long ago you had passwords hacked and leaked documents…

  • “Unfollow anyone you don’t know or don’t trust …” Another reason why your “friends” or those you follow should be just that — those you know and trust! Why would you follow anyone that you don’t know enough about (or made no effort to find out about) to trust?

  • Twitter seems to be in whole heaps of various trouble lately!

    I imagine this will be a big problem for companies and popular individuals/users, who follow a lot of people they don’t necessarily know – leaving larger opportunities for the hacking tweet to sneak in. But for ‘smaller’ users, who for the most part don’t follow people they don’t know, I don’t think it will be so much of an issue.

  • This should happen a lot more as Twitter gets even bigger. Eventually everyone on there will just be a robot and the rest of us will have moved elsewhere.

  • Twitter needs stealth security, otherwise there would be only spammers, robots and malicious things in future.

  • Indeed, security will be a problem, but these kinds of social hacking techniques will keep on coming back and there will not be any end to this… bugs can be fixed and Twitter may become stable one day… but if some website asks for our password, and if we give it there, it can get lost because they themselves may be fraudulent, or otherwise someone might have already compromised them.