Twitter.Grader.com hacked?

Twitter Grader home page

UPDATE: You will see in the comments on this post an update from HubSpot with a link to their blog explaining the incident, I know a lot of folks don’t read the comments, so here it is in full.

“We are very sorry for the mistake. It is completely our fault. As your article mentions, we have contained the situation and stopped the malicious tweets.

We do want to make clear that by design, the HubSpot software applications are on different servers and systems from our free Grader.com tools. This attack did NOT affect the HubSpot software used by our 2,100 customers. Again, there is no impact on our paid product or paying customers.

We have posted an article on our company blog with more information:

http://www.hubspot.com/blog/bid/5594/One-Lesson-From-The-Twitter-Grader-Screw-up-OAuth-Rocks

- Mike Volpe
HubSpot (makers of Twitter Grader)”

…and that, ladies and gents, is an object lesson in how to deal with an event like this. Much respect to HubSpot.

__________________________________________________________________________________________

In what looks like another compromise related to Twitter services, a large number of Twitter users who have granted access to their accounts to the web service Twitter.Grader.com have all begun tweeting a bizarre and unauthorised message.

: Example of affected accounts (search by Twitscoop)

Fortunately the link that has been endlessly tweeted by grader users does not appear to host any malicious content. It points to a blog with an embedded YouTube video of Biz Stone back in 2006 promoting Twitter.

The domain name of the destination site however might give us a clue to the motivation behind the attack. Seonix presumably refers to Search Engine Optimisation and perhaps that is the real purpose of this attack. Forcing large numbers of Twitter users to tweet a link to the site may well be an effective method of pushing it up the search engine rankings. The domain seonix.org was created on the 11th February 2010 and the details of the owner have been anonymised.

Embarassingly the victims of this attack also include Dharmesh Shah, the founder of Grader

: Dharmesh Shah on Twitter

UPDATE: Hubspot, the parent company have tweeted that they are aware of the hack and working on a solution. In the meantime, if you are a Grader user, you may want to consider temporarily revoking Access to Grader in your Twitter profile via Settings -> Connections.

7 thoughts on “Twitter.Grader.com hacked?”

Pingback: Twitter Grader hacked: are you a victim? | Richard Hartley
Pingback: Toyota Failed, Obama Failed, No Tranparency, Hubspot Offers Transparency | The Small BizNest
Pingback: HubSpot TV – To Blog or Not to Blog | My Blog
Pingback: TwitsMag Canada :: Social Networking Social Networking Spammers Twitter APPs :: Twitter Application Grader.com Hacked
Pingback: Twitter Grader hacked: are you a victim? | Twitter News - Twimmer.com
Mike Volpe - HubSpot February 12, 2010 at 12:13 am

We are very sorry for the mistake. It is completely our fault. As your article mentions, we have contained the situation and stopped the malicious tweets.

We do want to make clear that by design, the HubSpot software applications are on different servers and systems from our free Grader.com tools. This attack did NOT affect the HubSpot software used by our 2,100 customers. Again, there is no impact on our paid product or paying customers.

We have posted an article on our company blog with more information:
http://www.hubspot.com/blog/bid/5594/One-Lesson-From-The-Twitter-Grader-Screw-up-OAuth-Rocks

- Mike Volpe
HubSpot (makers of Twitter Grader)

Reply ↓
Pingback: Twitter Grader hacked: are you a victim? @ Technology News

CounterMeasures – A Security Blog

Trend Micro’s Rik Ferguson blogs about current security issues.

7 thoughts on “Twitter.Grader.com hacked?”

Leave a Reply Cancel reply