Passwords plundered from Gawker are being used by hackers to flood micro-blogging service Twitter with malware spam about Acai berries.
Insecurity experts have warned that if you get any spam about Acai you should not click on it. Rather than giving you a longer life, or helping you lose “ten pounds of unsightly fat”, as the berries are claimed to do, the links will lead you to an attack site which recruits you into a botnet.
According to AFP, the problem is that Gawker account users often use the same password for their Twitter account.
Gawker Media reported that hackers looted passwords from servers handling nine of its websites, including Gizmodo and Fleshbot, and the list of names and passwords appeared on the net.
Hackers have been using the passwords in a bid to see if anyone used the same ones on other sites. Apparently shedloads of Gizmodo readers also had a Twitter account with the same password.
A group calling itself “Gnosis” claimed responsibility for the Gawker hack, according to Gawker Media.
Twitter’s Del Harvey, who heads the company’s trust and safety team, advised users in a tweet. This goes to show it is never a good idea to try and put details of a security problem in a tweet as it is difficult to stuff in all the information you need.
The warning reads:
“Got a Gawker acct that shares a PW w/your Twitter acct? Change your Twitter PW. A current attack appears to be due to the Gawker compromise.” Twitter’s official Trust and Safety account (@Safety) followed up with more information, “
The best way to ensure your Twitter account does not get hijacked by acai berry tweets is to change your Twitter password, which you can do by logging into Twitter, then going to “Settings” at the top right of Twitter.com.
Generally the best way for Gawker readers to lose ten pounds of unsightly fat is to cut their own heads off. We mean that in a caring way, of course.