TwitterRank is Fake

12Nov08

Something called “Twitterank” has been #1 on Twitter’s trending topics for much of the afternoon, and a flurry of tweets has been coming across along the lines of “my twitterank is 30.35!” with a link to an individual page for each user on a crudely designed website. While the site doesn’t give any real details as to what the number means, users have been handing over their credentials en masse to get the latest peek at what their Twitter popularity might be. Bad idea.


Word is now spreading that the site might be a phishing scam, set up for the sole purpose of stealing Twitter usernames and passwords. Fortunately, the developer apparently isn’t doing it for malicious purposes. ZDNet seems to have identified the person behind Twitterank, who tweeted this evening “Twitterank is a vast conspiracy I created to steal all of ur passwords + shame Twitter into OAuthing. + make u look vain.” (Update 4:30PT: This person is *not* the developer of Twitterank; rather, this is a tweet that ZDNet picked up on to highlight the potential security issue.)

In other words, this might just be a high-profile prank to bring attention to a security vulnerability in Twitter and, at the same time, make a whole lot of people look very foolish for handing over their usernames and passwords just to see a silly numerical ranking that has no meaning.

We’re still trying to pin down a few more details on Twitterank, but in the meantime sound off in the comments and let us know if you got suckered or know more about the app.

Update (4:55PT): The blog linked to from the Twitterank site has been updated. The author writes, “No, I am not a phisher. I don’t even store your password. Your password gets used once to calculate your Twitterank, and is never stored on disk or any other permanent storage device. Having said that, people do need to be more careful about giving away their account information. I’m not evil, but the next guy might be.”



4 Responses to “TwitterRank is Fake”

  1. It’s not a security lapse, it’s pure social hacking. Entice the user into giving you their username and password in exchange for something. It would be the same as someone creating a “WordPress Rank” site where you had to enter your login details to be ranked in some arcane way.

    Chances are this guy isn’t evil, but it won’t be long before someone decides to do something nasty.

  2. 3 Rowan

    Moral of the story: Don’t give out your login details, EVER.

    Says the girl who fell for this. Which, I feel, makes me more entitled to say that. I naively submitted my details thinking “eh, what’s the worst that could happen? It’s only Twitter. And people aren’t that mean, anyway.” Firstly: yes they are. Secondly: I might not have any sensitive details stored on my Twitter, but it’s still a terrible idea to give people access to an online account, whether it’s your email address or something minor like Digg or Twitter.

    I’ve changed my password and learnt my lesson.

  3. Not that I’m totally impressed, but this is more than I expected when I found a link on Delicious telling that the info here is awesome. Thanks.

