Is my Twitter hacked on Mefi? December 13, 2010 11:36 AM

Why does the Twitter plug-in on my MeFi profile page feature a spam tweet about acai but when I visit my real twitter feed that spam tweet is nowhere to be found?

It would appear that my account has been hacked... but only on my MeFi profile page. I changed my Twitter password just in case. Anyone else have this problem?
posted by PostIronyIsNotaMyth to Bugs at 11:36 AM (35 comments total)

I blame Gawker.
posted by box at 11:37 AM on December 13, 2010


From the twitter "Trust and Safety Team"

We reset passwords + deleted updates on accounts affected by acai spam; accounts were compromised in the Gawker properties hack.

My guess is that your update is just cached on the MeFi server or in twitter's rss feed, but has since been deleted from twitter. (on preview, you're right box!)
posted by eyeballkid at 11:40 AM on December 13, 2010


No idea. Maybe a spammer figured out a way into folks' Twitter accounts and Twitter cleaned up after our checker visited. I'll remove that tweet from our system.
posted by pb (staff) at 11:41 AM on December 13, 2010


Ooh! Oooh! I was right! What do I win?
posted by eyeballkid at 11:42 AM on December 13, 2010


It's possible your Twitter was compromised last night or early this morning (a lot have been), as a possible-to-likely result of the recent horrible Gawker hack/fuckup. If so, the tweet no longer being in your twitter stream may mean that Twitter has since managed to roll some of that damage back automatically; or it might mean that your tweet was flagged as spam but your account is still fucked.

Change your twitter password in any case. Check this procedure if you've ever commented on a Gawker site, just to be sure.

As for why the tweet is still on your userpage, we cache tweets and update them periodically (maybe once a night?), so that should go away eventually but won't be in lockstep with the current state of your twitter stream as I understand it.
posted by cortex (staff) at 11:42 AM on December 13, 2010 [1 favorite]


A ha!
posted by cortex (staff) at 11:42 AM on December 13, 2010 [1 favorite]


Wow. Strange. I didn't think I had a Gawker account. Especially not one linked to my Twitter. Does that mean I must have signed up for a Gawker account and forgot about it or... that somehow Twitter... and I don't know what the alternative would be...
posted by PostIronyIsNotaMyth at 11:43 AM on December 13, 2010


Yeah I just did the MD5 Gawker search thing... and none of my e-mail addresses turned up. Weird.
posted by PostIronyIsNotaMyth at 11:45 AM on December 13, 2010


If it's any consolation, your account was not the only one in our system with acai spam toots. There were nine others. I cleaned 'em up.
posted by pb (staff) at 11:48 AM on December 13, 2010


Is it more embarrassing to shill for acai or to be outed as a Gawker reader?
posted by chrchr at 11:48 AM on December 13, 2010 [3 favorites]


Yeah, to be clear, the Gawker connection is not at all a certainty. The timing makes it an attractive explanation but there may be some other Thing going on right now. The tweet that eyeballkid linked makes it clear that there is definitely A Thing going on with Twitter that seems to explain your experience, but whether that's directly related to the Gawker thing is not clear.
posted by cortex (staff) at 11:50 AM on December 13, 2010


More on Mashable: WARNING: Acai Berry Twitter Attack Spreading Like Wildfire. Twitter says it's related to Gawker, but I don't think that's confirmed.
posted by pb (staff) at 11:51 AM on December 13, 2010


I think it IS related to gawker based on discussions with a programmer friend last night. Here's the sequence of events:

1. 2 million user account info torrent released yesterday, all with username and email unencrypted
2. ~300k passwords also revealed among those
3. The SHA-256 hash was based on an easy 2-character salt, so people started decoding passwords last night
4. Hundreds of thousands of account passwords were figured out in the past 12 hours and shared

My guess is spammers grabbed the initial release of easy guessable passwords and tried them all on twitter with the same usernames.
posted by mathowie (staff) at 11:55 AM on December 13, 2010


Does anyone know where I can get Acai flavoured SPAM? I've been hearing a lot about it lately, but my local supermarket doesn't carry any specialty flavours.
posted by ODiV at 11:55 AM on December 13, 2010


pb: "If it's any consolation, your account was not the only one in our system with acai spam toots. "

pb is so gangsta mobsta.
posted by Rhaomi at 11:56 AM on December 13, 2010


Billy Joel just tweeted something about having "a heart attacai-acai-acai-acai-acai..."
posted by cortex (staff) at 11:57 AM on December 13, 2010 [2 favorites]


As a weird coincidence I just read in Wired that acai berries have been scientifically proven to give you more gIrth and strong man muscle. I like your blog!
posted by Potomac Avenue at 12:04 PM on December 13, 2010


(I think the phrase "acai spam toots" belongs in the next thread down.)
posted by nebulawindphone at 12:07 PM on December 13, 2010


I motherfucking hate all the Acai berry bullshit, especially the fake news sites that pretend to be a real source. I want to stab everyone in the face who has ever bought anything from them.
posted by klangklangston at 12:18 PM on December 13, 2010


I motherfucking hate all the Acai berry bullshit, especially the fake news sites that pretend to be a real source.

I like how ads for various different scams all use the same stock photo of that blond lady doing the Sexy News Anchor thing (sometimes with the shoulderless top). I'm like, man, she's really on top of these scams.
posted by cortex (staff) at 12:22 PM on December 13, 2010


Your ass got haaaaaaaaaacked
posted by NoMich at 12:24 PM on December 13, 2010


How would I know if this affected me or not? I just checked my twitter account and the password seemed to not work so I had to reset it. I'm assuming I would get some kind of notification from twitter if they had reset it or not due to this issue but I don't know. I had a gawker account with the same email but way different passwords so I'm pretty sure it wasn't actually compromised.
posted by dead cousin ted at 12:40 PM on December 13, 2010


Does that mean I must have signed up for a Gawker account and forgot about it

Possibly. I also thought I didn't have a Gawker account and didn't find it here but did find it here.
posted by jessamyn (staff) at 12:48 PM on December 13, 2010


I want to stab everyone in the face who has ever bought anything from them.

I'm still trying to find the perfect ratios, but one day, after I've consumed the right mixture of toxic chemicals, gamma-radiation, and Lil' Debbie Swiss Cake Rolls, I'm guessing the natural result will be me developing superpowers that will make me not unlike some kind of ancient god. With powers.

Evil, terrible, wonderful powers.

Which is going to lead to a moment, where some guys are sitting around trying to come up with a way to make a bunch of cash, and one of them is going to lay out his plans to start marketing online using astroturfing, unsolicited email, and compromising people's accounts to post spam in their name.

He's then going to, in mid sentence, stop talking and develop a glazed look. He'll slump back and smoke will start pouring out his ears, filling the entire room with the smell of greasy bacon.

He'll then lean forward and in my sepulchral voice, say "Knock this shit off before the internet god becomes really angry and does this to the rest of you. Spread the word."

I'll then return control of the guy's body, but any time he even thinks about that kind of plan again, he'll begin to reek of cooking meat, drawing in every hungry feral dog for miles around.

He will be my first... example. They'll get more colorful from there.
posted by quin at 12:54 PM on December 13, 2010 [2 favorites]


How would I know if this affected me or not?

Check out this handy li'l article over at Slate.
posted by NoMich at 12:56 PM on December 13, 2010


An interesting thing you can do (for suitably geeky values of "interesting") is to take some of your low-security passwords, run them through md5sum and sha1sum, and Google for the resulting hashes.

If you get more than 0 results, you almost certainly shouldn't use that password for anything (because if you get a result, it means it's a common enough word that somebody has it already in a bruteforce dictionary). You may be surprised to find passwords you thought were "secure" (because they used letter/number/punctuation combinations) sitting out there in dictionary files. I believe every English word under six characters and many letter/number combinations have been precomputed for both md5 and sha1, and probably other algorithms.

Of course, well designed websites wouldn't ever store an unsalted password hash, but lots of places do, and as a user you have no way of knowing how badly things are being handled on the backend. You should always assume the worst. But even if a site does use salted passwords, the fact that your password exists in a dictionary means it's a crummy password.

Also I wouldn't ever use as a "high security" password (particularly: a password to an encrypted file of other passwords, or to an encrypted volume) a string that you have ever typed or used before, for anything, anywhere, or exists in any form on your computer's hard drive. There are tools that will just take the contents of your hard drive and try every text string it finds as a password against a file. That means all documents, browser histories, email, and passwords used and poorly stored by programs or in configuration files. If you're going to start using a password-keeper program, use a fresh, unique password.
posted by Kadin2048 at 1:00 PM on December 13, 2010 [1 favorite]
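The check Kadin2048 describes, as an added example that is not from the thread: hash a password with md5/sha1 and look it up in a precomputed table (here a tiny constructed stand-in for the real dictionaries), then contrast it with salted, slow storage where the same lookup buys nothing. The table contents and the 200,000 PBKDF2 iterations are assumptions for illustration.

```python
import hashlib
import os

# Constructed stand-in for a precomputed hash dictionary of the kind the
# comment describes. Real tables hold millions of entries; these few words
# exist only so the lookup has something to hit.
_COMMON_WORDS = ("password", "letmein", "acai123", "qwerty", "hello")
PRECOMPUTED = {}
for _w in _COMMON_WORDS:
    PRECOMPUTED[hashlib.md5(_w.encode()).hexdigest()] = _w
    PRECOMPUTED[hashlib.sha1(_w.encode()).hexdigest()] = _w


def hash_lookup(password):
    """Mirror the md5sum/sha1sum-then-search check from the comment:
    return which unsalted digests of this password appear in the table."""
    hits = {}
    for name in ("md5", "sha1"):
        digest = hashlib.new(name, password.encode()).hexdigest()
        if digest in PRECOMPUTED:
            hits[name] = digest
    return hits


def store_salted(password, salt=None):
    """How a well-designed site stores a password: a random per-user salt
    and a slow key-derivation function (PBKDF2-HMAC-SHA256 here, iteration
    count is an assumption), so a table of plain digests is useless even
    for a weak password. Returns (salt, stored_hex)."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, dk.hex()


def verify_salted(password, salt, stored_hex):
    """Recompute with the stored salt and compare."""
    return store_salted(password, salt)[1] == stored_hex


if __name__ == "__main__":
    print("unsalted table hits for 'acai123':", hash_lookup("acai123"))
    salt, stored = store_salted("acai123")
    # Same weak password, fresh salt: a different stored value every time,
    # so no precomputed table lines up with it.
    print("salted values differ:", store_salted("acai123")[1] != stored)
    print("verify:", verify_salted("acai123", salt, stored))
```

Note the comment's caveat still holds: the salted form only stops precomputation, a password that sits in a dictionary remains a crummy password.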


Check out this handy li'l article over at Slate.

I actually checked the email when I saw the metafilter post, and sure enough it was in there. The thing I couldn't figure out is that the gawker password wasn't used for anything else so I don't see how that would affect any other account, that's why the twitter thing was weird. Eh, either way, no harm done.
posted by dead cousin ted at 1:09 PM on December 13, 2010


I recently had my iTunes account hacked and it was used to buy some super shitty $3 app that I wouldn't have downloaded for free. It was called PumpkinCamera and had 50 five star ratings with no comments. Apple was cool about it, but made me jump through enough hoops to get my account reactivated that I wish I'd just changed my password and eaten the $3.

The weird thing is that password was only used there and on metafilter. I can't think of any other place I've ever used it.
posted by cjorgensen at 2:06 PM on December 13, 2010


Nice, looks like Gawker has both my email and standard username.

If ever there was a company that I would like to see fail it is the whole Gawker media umbrella.
posted by cjorgensen at 2:12 PM on December 13, 2010


I'm not sure I understand this, from jessamyn's 2nd link,

IMPORTANT: Even if you logged in with Facebook Connect or Twitter, your information is still in this database! Only your password isn't. You are not in the clear.

I never used Facebook Connect or whatever to log in, but is there really any danger if the database doesn't contain a password for you? How would that work?
posted by mediareport at 2:22 PM on December 13, 2010


I believe every English word under six characters and many letter/number combinations have been precomputed for both md5 and sha1, and probably other algorithms.

This leads me to ask something I've been wondering all day: so what about the non-English languages out there? I use multiple non-English languages for passwords and I've wondered for a while now if bruteforce dictionaries have caught on to that trick.
posted by librarylis at 3:24 PM on December 13, 2010


The worst part is dried acai berries taste awful.
posted by boo_radley at 4:56 PM on December 13, 2010


Brief Analysis of the Gawker Password Dump. And another tool.
posted by shoesfullofdust at 5:33 PM on December 13, 2010


I also apparently signed up for a Gawker account at some point in time. Looking at the DB I could see I used this shitty password I use for stuff like that. I'll have to find a new shitty password.
posted by chunking express at 8:37 PM on December 13, 2010


But how will I tweet about my love for Acai berries?
posted by blue_beetle at 5:47 AM on December 14, 2010

