Twitter Flooded with Acai Spam Following Gawker Hack
In case you missed it, this past weekend, a group called Gnosis managed to hack into Gawker Media’s commenter database, gaining the email addresses and passwords for more than one million commenters across Gawker blogs including Gawker, Gizmodo, io9, Kotaku, and Lifehacker. Gnosis subsequently released the data dump as a torrent, with roughly one fifth of passwords decrypted and the remainder available encrypted for the rest of the Internet to crack. The most alarming ramification of this is that since many people use the same password for multiple online services, people who have commented on Gawker sites could potentially have the security of their social media accounts, bank accounts, and more compromised following the hack. Gnosis wrote that “Included in the dump are passwords linked to accounts from Nasa, about every .gov domain you could imagine and hundreds from banks. One can only pray that they do not use the same password everywhere.”
As such, if you’ve ever commented on a Gawker Media site using a means other than Facebook Connect [as the information of Facebook Connect users was not stored in Gawker’s databases], you are advised to change your password on other sites, but not yet on Gawker until it’s been verified that their database is secure.
One early sign of the potentially far-reaching consequences of the Gawker hack is a nasty wave of acai-related spam which has swept Twitter this morning. Mashable reports that “this is one of the fastest-spreading attacks we’ve ever seen in our years tracking Twitter security and worms.”
The attack is spreading at a rapid pace — within a minute, more than 10,000 tweets related to the attack have popped up on the microblogging service. These tweets link to domains containing “acainews.” We recommend that you don’t click these links.
According to TweetStats/TweepSearch/RowFeeder creator Damon Cortesi, it seems likely that the spam is coming from already-compromised accounts, rather than malicious code from the “acainews” links.
“I poked into the acai tweets a little bit. Definitely a lot more of my friends getting hit than normal, but looking at where the acainews(1-8) sites redirect to. I see no malicious code. I’ve even visited them while logged in to Twitter (on a dummy account) and had no adverse effect. I noticed similar spam going around a couple days ago with the Twitter Search link I sent you. All tweets coming from ‘web,’ destination page with no obviously malicious code.”
Twitter’s Support and Spam accounts write, “Got a Gawker acct that shares a PW w/ your Twitter acct? Change your Twitter PW! Current attack appears to be due to the Gawker compromise.” “In other words: the “acai berry” spam attack looks to be connected w/ the Gawker hack rather than a worm.”
Note that there’s no indication that Gnosis, the group that initially hacked Gawker, is behind the acai spam; they released the database information both as revenge against Gawker for comments made about 4chan and Anonymous, with which they claim they are not affiliated, and as a harsh lesson about web security. But now that the data is out in the open, any unscrupulous party can use it, hence the urgency of changing passwords on other sites for people who have ever commented on a Gawker Media site.