Twitter.Grader.com hacked?

Twitter Grader home page

Twitter Grader home page

  
UPDATE: You will see in the comments on this post an update from HubSpot with a link to their blog explaining the incident, I know a lot of folks don’t read the comments, so here it is in full.

“We are very sorry for the mistake. It is completely our fault. As your article mentions, we have contained the situation and stopped the malicious tweets.

We do want to make clear that by design, the HubSpot software applications are on different servers and systems from our free Grader.com tools. This attack did NOT affect the HubSpot software used by our 2,100 customers. Again, there is no impact on our paid product or paying customers.

We have posted an article on our company blog with more information:
http://www.hubspot.com/blog/bid/5594/One-Lesson-From-The-Twitter-Grader-Screw-up-OAuth-Rocks

– Mike Volpe
HubSpot (makers of Twitter Grader)”

…and that, ladies and gents, is an object lesson in how to deal with an event like this. Much respect to HubSpot.

 
__________________________________________________________________________________________

In what looks like another compromise related to Twitter services, a large number of Twitter users who have granted access to their accounts to the web service Twitter.Grader.com have all begun tweeting a bizarre and unauthorised message.
 

Example of affected accounts
Example of affected accounts (search by Twitscoop)

 
Fortunately the link that has been endlessly tweeted by grader users does not appear to host any malicious content. It points to a blog with an embedded YouTube video of Biz Stone back in 2006 promoting Twitter.

 

The domain name of the destination site however might give us a clue to the motivation behind the attack. Seonix presumably refers to Search Engine Optimisation and perhaps that is the real purpose of this attack. Forcing large numbers of Twitter users to tweet a link to the site may well be an effective method of pushing it up the search engine rankings. The domain seonix.org was created on the 11th February 2010 and the details of the owner have been anonymised.

 

Embarassingly the victims of this attack also include Dharmesh Shah, the founder of Grader
 

Dharmesh Shah on Twitter
Dharmesh Shah on Twitter

 
UPDATE: Hubspot, the parent company have tweeted that they are aware of the hack and working on a solution. In the meantime, if you are a Grader user, you may want to consider temporarily revoking Access to Grader in your Twitter profile via Settings -> Connections.

7 thoughts on “Twitter.Grader.com hacked?

  1. Pingback: Twitter Grader hacked: are you a victim? | Richard Hartley

  2. Pingback: Toyota Failed, Obama Failed, No Tranparency, Hubspot Offers Transparency | The Small BizNest

  3. Pingback: HubSpot TV – To Blog or Not to Blog | My Blog

  4. Pingback: TwitsMag Canada :: Social Networking Social Networking Spammers Twitter APPs :: Twitter Application Grader.com Hacked

  5. Pingback: Twitter Grader hacked: are you a victim? | Twitter News - Twimmer.com

  6. Mike Volpe - HubSpot

    We are very sorry for the mistake. It is completely our fault. As your article mentions, we have contained the situation and stopped the malicious tweets.

    We do want to make clear that by design, the HubSpot software applications are on different servers and systems from our free Grader.com tools. This attack did NOT affect the HubSpot software used by our 2,100 customers. Again, there is no impact on our paid product or paying customers.

    We have posted an article on our company blog with more information:
    http://www.hubspot.com/blog/bid/5594/One-Lesson-From-The-Twitter-Grader-Screw-up-OAuth-Rocks

    – Mike Volpe
    HubSpot (makers of Twitter Grader)

    Reply
  7. Pingback: Twitter Grader hacked: are you a victim? @ Technology News

Leave a Reply

Your email address will not be published. Required fields are marked *

*