• Delicious
  • Digg
  • Facebook
  • Twitter
  • Linkedin

Twitter suffers spam attack using passwords stolen from Gawker website

The acai berry spam attack doesn't to appear to have any malicious content but has links with the Gawker password attack

 Hackers have launched an attack on Twitter using passwords stolen from the website Gawker.
The hackers broke into thousands of accounts and sent spam messages promoting drinks made from the superfood acai berry.

Twitter says the passwords came from an earlier breach at Gawker Media, which runs Gawker, Gizmodo and other technology and media sites. People who used the same passwords for both sites were vulnerable.

It is unclear how many of Twitter's 175 million users were affected but within hours hundreds of thousands of tweets about acai had been registered.

The problem, which is ongoing, doesn't cause a slowdown but is described by users as 'intensely annoying' as it fills up their accounts with the unprompted messages.

Attacks on social networking sites such as Twitter and Facebook are popular because people are more inclined to click on links appearing from friends, rather than email spam.

Acai berries: The superfood at the centre of the spam attack
Acai berries: The superfood at the centre of the spam attack

The latest attacks comes as the FBI announced that it was planning to investigate the Gawker hack, which activists targeted because of the site's perceived 'arrogance'.

Gawker had in the past been critical of the hacker group, 4Chan, which is linked to Anonymous, the group accused of launching attacks on Mastercard and Visa for Gawker, which runs a series of irreverent blogs on media and technology, said more than 1.3million passwords were stolen.

A file containing the password details was then published on a file-sharing site by the group.

And the attack comes as Amazon’s website went down for a number of hours yesterday which the firm attributed to a hardware failure, rather than hackers.

A group called 'Gnosis' has now released a 500MB file containing the data taken from Gawker on the file-sharing system Bittorrent so it can be downloaded by other hackers.

'We're deeply embarrassed by this breach,' the posting on gawker.com said. 'We should not be in the position of relying on the goodwill of the hackers who identified the weakness in our systems.'

Millions of people are likely to be affected by the breach because of the popularity of Gawker's sites such as Gizmodo, a tech gadget news site, said Rich Mogull, CEO of Phoenix-based Securosis, a security research firm.

The damage should be minimal, though, because Gawker probably stored only emails, user names and passwords, Mogull said.

The Gawker website which runs influential blogs Gizmodo and Valley Wag
Security breach: The Gawker website, which runs influential blogs Gizmodo and Valley Wag among others, has had its database hacked

The problem comes if people use the same passwords on other sites, such as online banking.

The breach may also be linked to a spam 'worm' that has infected hundreds of thousands of Twitter accounts today, linked to an online advert for acai berries.

The hackers were probably able to figure out easy passwords even though they were protected on the Gawker site by a simple algorithm, and could use them to access bank accounts.

The hackers could be upset about something written on one of Gawker's sites, or they could be doing it for bragging rights.

'It's kind of a juvenile thing. It's like spray-painting,' Mogull said.

Such attacks are very common and difficult to stop, as long as the hackers have enough time to try to infiltrate the system.

The attacks are probably unrelated to recent cyberspace attacks over the WikiLeaks site's release of classified government documents, but Gawker could have angered some of the same people, Mogull said.

Last week WikiLeaks supporters were furious that the credit card companies had stopped processing donations to the whistle-blowing website.

Both MasterCard and Visa said that cardholders' accounts were not at risk and that people could continue using their credit cards.

Supporters of WikiLeaks, which has released thousands of classified government documents in recent weeks, said they would attack companies and groups hostile to the site and its founder.

An internet group operating under the label 'Operation Payback' claimed responsibility for the MasterCard and Visa problems in messages on Twitter and elsewhere.

Gawker's Gizmodo tech blog gained fame in May when it posted pictures of an iPhone prototype. The phone was lost by an Apple engineer in a Silicon Valley bar. - dailymail

No comments: