Dec. 13, 2010 at 11:00 AM ET
It's the holiday season and while the temptation to find quick weight loss solutions may be overwhelming, DON'T fall for the scams, especially anything having to do with the trendy acai berry. Because RIGHT NOW, zombified Twitter accounts have turned into a spamming factory directing Tweeps to "acainews" links, out of the control of account owners.
The only weight you might lose is because your stomach is turning at your account being compromised. Fitting into that dress or suit is not worth this.
Mashable reports that this latest virus "is spreading at a rapid pace — within a minute, more than 10,000 tweets related to the attack have popped up" on Twitter. "This is one of the fastest-spreading attacks we’ve ever seen in our years tracking Twitter security and worms," reports Mashable co-editor Ben Parr.
Tipped off by Twitter’s Del Harvey, who leads Twitter's Trust and Safety team, Parr connects this attack and the one that affected 1.3 million Gawker commenters last night (as reported by PBS NewsHour). Mashable has "also found similarities between the compromised Gawker database and the compromised Twitter accounts. The recommended course of action is to change your Twitter password."
So if you use the same passwords for both accounts, or the same e-mail, change your password NOW. Gawker even recommended that unless logging in through Facebook Connect, it's "best to assume that your username and password were included among the leaked data." Lesson: try not to use the same passwords on different sites.
Gawker — which oversees several blogs, including Deadspin, Fleshbot, Kotaku, Jezebel, Jalopnik, Gizmodo, io9 and Lifehacker — was the victim of Gnosis, a hacking group, which stole the million-plus passwords from the company's user database, according to Graham Cluley, senior technology consultant at Sophos, who writes the Naked Security IT security blog. Mediaite received explanations directly from Gnosis, which claimed responsibility for the attack.
Back on Twitter, accounts may have already been compromised by a third-party service, according to TweetStats and TweepSearch creator Damon Cortesi, who told Parr he didn't see any malicious code on the acai pages while logged into Twitter on a dummy account. Meaning, once on the site, it doesn't seem to reach back and try to grab more info or sneak in malware, as other recent attacks have done.