Twitter Hack Could Cause Problems: The Latest Hack Got My Password (StalkTrak)

[This is a Twitter Hack walk-through. How I got hacked, and willingly gave up my password to the scam. RE: StalkTrak, LTwitteri(d0t)com, “who’s stalking your twitter.” I’ve done it so you don’t have to. Another popular variant, DM “Is this you in this picture <link>?”]

Update 7-20-11: Just got this in my Direct Message inbox on Tweetdeck. The hack is still running folks.

StalkTrak, LTwitteri(d0t)com, Twitter Hack

Update (24 hrs): Steps: 1. UnAuthorize App, 2. Change Twitter Password. Seems to have done the trick, no further intrusions. Stay safe out there.

What was I thinking? I got what looked like a legitimate message about a new Twitter tool. And something about stalking. Perhaps that should’ve been the clue. But I went along for a looksee. And in the process opened my account up to a scam of some sort. Here’s how it got started.

Twitter Virus, Password Stolen

Not sure what “stalks” means in this case, but I’m interested to find out.

Here’s what the site logo and URL look like.

StalkTrak, LTwitteri(d0t)com, Twitter Hack

They ask for an email address and a password.

StalkTrak, LTwitteri(d0t)com, Twitter Hack

And on the same screen is a Twitter OAuth link. It’s odd to have both on one screen. I was curious, and I was feeling somewhat bulletproof. So I authorized the “StalkTrak” to see what was what.

Regardless of what you put in, here is the resulting page.

Don't authorize StalkTrak to your Twitter account

And that was it. Nothing. I couldn’t tell anything from this mash of data and for a few hours, nothing suspicious happened.

And then late last night these started going out as DM message from me.

StalkTrak, LTwitteri(d0t)com, Twitter Hack

Okay, so I went back to Twitter and revolked the Twitter OAuthorization. Here’s how you do that:

Profile Edit on

And go to the

delete Twitter Authorizations on the Applications screen of your profile

And I was comfortable that I was done.  And I posted a few warning Tweets to alert anyone that had gotten a DM from me about not to click on it.

Sending out alerts to the Twitter hack

And so at that point I figured I was done.

Until I checked back into my Twitter account. And found these lovely tidbits. I can see how these might really pose a problem for some folks. I think I’m okay, though. I think… (grin)

Twitter hack shouts at my boss, twitter scam

Okay, so one more trip to Twitter to change my password. Yes, dumbass that I am, the password I gave in the LTwitteri screen WAS also my Twitter password. Now that was Dumb. My own dumbness, that I’d been meaning to change for months. Okay, it’s changed now.

And it looks like the Twitter Authorities are on the scam as well. When I tried to click one of the original links from the bogus Tweets, here’s what I got.

unsafe site warning by Twitter

Anyway, that’s what it looks like when you walk into a Twitter ambush. You go off on a link from someone (I did not know the original “stalk” tweeter) and give authorization to an app and then your stream gets flooded with crap. I’ve seen a similar scam on Facebook, usually with sex-ish topics in their pictures and subject lines.

Anyway, I wanted to warn you about  LTwitteri. Stay away, check your Twitter Authorizations and change your password. Stay safe out there.

And… another similar come on that’s showing up in my DM inbox:

The "is this you" scam on Twitter

@jmacofearth (also seen on Google+: jmacofearth)

Check out the Strategist’s Notebook page and these other posts about online marketing:

Let me help you jumpstart your social marketing:

FluentSocial (Social Media Marketing)
FluentSearch (SEO, Google Adwords)

Most people don’t really enjoy being mean; they do it because they can’t help it. (from Graham’s Hierarchy of Disagreement)

This Post Has One Comment

  1. Well, the url should give the first clue, and if you use twitter web all the time, authorizing an app should not ask for username and password if you previously logged on to twitter.

Leave a Reply

Close Menu