[This is a Twitter Hack walk-through. How I got hacked, and willingly gave up my password to the scam. RE: StalkTrak, LTwitteri(d0t)com, “who’s stalking your twitter.” I’ve done it so you don’t have to. Another popular variant, DM “Is this you in this picture <link>?”]
Update 7-20-11: Just got this in my Direct Message inbox on Tweetdeck. The hack is still running, folks.
Update (24 hrs): Steps: 1. UnAuthorize App, 2. Change Twitter Password. Seems to have done the trick, no further intrusions. Stay safe out there.
What was I thinking? I got what looked like a legitimate message about a new Twitter tool. And something about stalking. Perhaps that should’ve been the clue. But I went along for a looksee. And in the process opened my account up to a scam of some sort. Here’s how it got started.
Not sure what “stalks” means in this case, but I’m interested to find out.
Here’s what the site logo and URL look like.
They ask for an email address and a password.
And on the same screen is a Twitter OAuth link. It’s odd to have both on one screen. I was curious, and I was feeling somewhat bulletproof. So I authorized the “StalkTrak” to see what was what.
Regardless of what you put in, here is the resulting page.
And that was it. Nothing. I couldn’t tell anything from this mash of data and for a few hours, nothing suspicious happened.
And then late last night these started going out as DM messages from me.
Okay, so I went back to Twitter and revoked the Twitter OAuthorization. Here’s how you do that:
And go to the
And I was comfortable that I was done. And I posted a few warning Tweets to alert anyone that had gotten a DM from me about LTwitteri.com not to click on it.
And so at that point I figured I was done.
Until I checked back into my Twitter account. And found these lovely tidbits. I can see how these might really pose a problem for some folks. I think I’m okay, though. I think… (grin)
Okay, so one more trip to Twitter to change my password. Yes, dumbass that I am, the password I gave in the LTwitteri screen WAS also my Twitter password. Now that was Dumb. My own dumbness, that I’d been meaning to change for months. Okay, it’s changed now.
And it looks like the Twitter Authorities are on the scam as well. When I tried to click one of the original links from the bogus Tweets, here’s what I got.
Anyway, that’s what it looks like when you walk into a Twitter ambush. You go off on a link from someone (I did not know the original “stalk” tweeter) and give authorization to an app and then your stream gets flooded with crap. I’ve seen a similar scam on Facebook, usually with sex-ish topics in their pictures and subject lines.
Anyway, I wanted to warn you about LTwitteri. Stay away, check your Twitter Authorizations and change your password. Stay safe out there.
And… another similar come-on that’s showing up in my DM inbox: