Twitter is always a busy place, and you’ve probably seen plenty of promotional tweets in your feed before. This weekend, however, numerous big-name Twitter accounts unwittingly started spewing out ads for a service they’ve probably never even heard of. Charlie Sheen. Messi. Famous publications like The New Yorker and The Economist. PlayStation and Xbox accounts, all tweeting images promising to “increase your Twitter followers.”
The images bore the URL freeadd.me, and none of the accounts mentioned here knew they were posting them. Numerous others were used in the widespread spamming. Then, as quickly as the flood of tweets had come, they suddenly dried up.
Early reports screamed “hack!” and pointed fingers at Twitter itself. That seemed unlikely given the large number — and wide variety — of accounts that had been coerced into tweeting. It had all the hallmarks of a third-party service being compromised, and we now know that was the case.
Today, Omer Ginor, Managing Director of the stat service Twitter Counter, took to his company’s blog to clear the air. Attackers reportedly discovered a flaw in the way Twitter Counter set cookies for its 2 million-plus users.
Ginor said hackers were able to “one by one pretend to be a specific user and be able to take actions on our site on their behalf.” Given the rapid pace with which the tweets were posted, it appears as though they figured out a way to automate the process. Manually running down the extensive list of victims would’ve taken quite some time.

Source: Forbes