11
Feb
Twitter.Grader.com hacked?
Article from Rik Ferguson
Filed under: Hacking,SEO,Site Compromise,Web 2.0,data leakage | RSS 2.0 | TB | Tags: , , , , , , | 6 Comments
Twitter Grader home page

Twitter Grader home page

  
UPDATE: You will see in the comments on this post an update from HubSpot with a link to their blog explaining the incident, I know a lot of folks don’t read the comments, so here it is in full.

“We are very sorry for the mistake. It is completely our fault. As your article mentions, we have contained the situation and stopped the malicious tweets.

We do want to make clear that by design, the HubSpot software applications are on different servers and systems from our free Grader.com tools. This attack did NOT affect the HubSpot software used by our 2,100 customers. Again, there is no impact on our paid product or paying customers.

We have posted an article on our company blog with more information:

http://www.hubspot.com/blog/bid/5594/One-Lesson-From-The-Twitter-Grader-Screw-up-OAuth-Rocks

- Mike Volpe
HubSpot (makers of Twitter Grader)”

…and that, ladies and gents, is an object lesson in how to deal with an event like this. Much respect to HubSpot.

 
__________________________________________________________________________________________

In what looks like another compromise related to Twitter services, a large number of Twitter users who have granted access to their accounts to the web service Twitter.Grader.com have all begun tweeting a bizarre and unauthorised message.
 

Example of affected accounts
Example of affected accounts (search by Twitscoop)

 
Fortunately the link that has been endlessly tweeted by grader users does not appear to host any malicious content. It points to a blog with an embedded YouTube video of Biz Stone back in 2006 promoting Twitter.

 

The domain name of the destination site however might give us a clue to the motivation behind the attack. Seonix presumably refers to Search Engine Optimisation and perhaps that is the real purpose of this attack. Forcing large numbers of Twitter users to tweet a link to the site may well be an effective method of pushing it up the search engine rankings. The domain seonix.org was created on the 11th February 2010 and the details of the owner have been anonymised.

 

Embarassingly the victims of this attack also include Dharmesh Shah, the founder of Grader
 

Dharmesh Shah on Twitter
Dharmesh Shah on Twitter

 
UPDATE: Hubspot, the parent company have tweeted that they are aware of the hack and working on a solution. In the meantime, if you are a Grader user, you may want to consider temporarily revoking Access to Grader in your Twitter profile via Settings -> Connections.


Bookmark
| More
This entry was posted on Thursday, 11. February 2010 and is filed under "Hacking, SEO, Site Compromise, Web 2.0, data leakage". You can follow any responses to this entry with RSS 2.0. You can leave a response here, or send a trackback from your own site.

6 Comments to "Twitter.Grader.com hacked?"

 Twitter Grader hacked: are you a victim? @ Technology News:
Monday, April 25th 2010, 10:15 pm -> Thursday, 11. February 2010 um 11:14 pm

[...] Ferguson of Trend Micro notes on the Countermeasures blog that Twitter Grader itself was hit, as was Dharmesh Shah, its [...]
Mike Volpe - HubSpot:
Monday, April 25th 2010, 10:15 pm -> Friday, 12. February 2010 um 12:13 am

We are very sorry for the mistake. It is completely our fault. As your article mentions, we have contained the situation and stopped the malicious tweets.

We do want to make clear that by design, the HubSpot software applications are on different servers and systems from our free Grader.com tools. This attack did NOT affect the HubSpot software used by our 2,100 customers. Again, there is no impact on our paid product or paying customers.

We have posted an article on our company blog with more information:
http://www.hubspot.com/blog/bid/5594/One-Lesson-From-The-Twitter-Grader-Screw-up-OAuth-Rocks

- Mike Volpe
HubSpot (makers of Twitter Grader)
Twitter Grader hacked: are you a victim? | Twitter News - Twimmer.com:
Monday, April 25th 2010, 10:15 pm -> Friday, 12. February 2010 um 12:44 am

[...] “Revoke access” down by the app’s icon.)Rik Ferguson of Trend Micro notes on the Countermeasures blog that Twitter Grader itself was hit, as was Dharmesh Shah, its founder.As Ferguson points out, [...]
TwitsMag Canada :: Social Networking Social Networking Spammers Twitter APPs :: Twitter Application Grader.com Hacked:
Monday, April 25th 2010, 10:15 pm -> Saturday, 13. February 2010 um 3:31 am

[...] The hackers appear to be trying to improve the search engine ranking of the domain Seonix.org, an online money-making site, which was registered on Thursday, said Rik Ferguson, a security researcher with Trend Micro who blogged about the incident. [...]
HubSpot TV – To Blog or Not to Blog | My Blog:
Monday, April 25th 2010, 10:15 pm -> Tuesday, 23. February 2010 um 6:25 am

[...] Polticians and scum-sucking pigs make uncomfortable bedfellows: “and that, ladies and gents, is an object lesson in how to deal with an event like this. Much respect to HubSpot“  – Rik Ferguson [...]
Toyota Failed, Obama Failed, No Tranparency, Hubspot Offers Transparency | The Small BizNest:
Monday, April 25th 2010, 10:15 pm -> Tuesday, 23. February 2010 um 4:17 pm

[...] to February 11, 2010.  Blog posts start popping up alerting readers that Twitter.Grader has been hacked and “Twitter users who [...]

Name:

E-Mail (not published)

Website:


Spam protection


© Copyright 2010 Trend Micro Inc. All rights reserved.
Legal Notice | Disclaimer