No, we don’t “heart” it. Hundreds of Twitter accounts were hijacked and used to spread spam for several hours last night (April 23). The issue appears to have originated from WeHeartIt.com, a social photosharing website that lets members connect their Twitter accounts.
The spam tweets read, “If I didn’t try this my life wouldn’t have changed,” and contained links to a Web page touting a “miracle diet pill” called Garcinia Cambogia. The page was designed to look like the magazine Women’s Health, but the URL revealed that it was a fake.
The “diet pill” is definitely fake, but experts say that links on the page might also contain malware as well. Translation: Do not click on them. Most of the spam tweets, particularly at the beginning of the deluge, contained a “via weheartit.com” tag, suggesting that the social networking site was the source of the spam. However, some of the later tweets were tagged as being sent via other apps such as Twitter for iPhone.
It appears that the cyberattack originated at We Heart It, and because the site has such a direct connectivity to Twitter, the spammers were able to connect to that site as well, which gave them a much bigger platform for their spam campaign.
The spam stopped late last night, after We Heart It disabled its Twitter sign-in and sharing functions. We Heart It now says the issue has been resolved. Nevertheless, people who use We Heart It and sign in to the service with their Twitter accounts should change both passwords, just in case the log-in credentials for one or both services have been compromised.
- 7 Ways to Lock Down Your Online Privacy
- How to NSA-Proof Your Smartphone
- Things You Didn’t Know Could Be Hacked
Copyright 2014 Tom’s Guides, a TechMediaNetwork company. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.