This morning I woke up to find that someone or something has retweeted spam messages on behalf of my Twitter account. Some of my followers alerted me about it (thank you!) and here are my thoughts on suggestions as to what might be the reason:

Twitter itself is silent on the issue and I don't know whom to ask about it. Their Report Violation page seems to be designed to educate people on how to leave them alone.

Comments: 5

  1. homakov

    It's definitely not CSRF. I've been checking Twitter for this for a long time. Did you notice anybody with the same issue? I want to explore this.

  2. Ivan Sagalaev

    One person on Twitter said he had samples, you might want to contact him. I deleted my retweets by this time.

  3. Григорий Бакунов

    Another thing supporting this hypothesis is that after I changed the password spam has stopped. I can't verify if it happened anywhere else after that.

    All Twitter cookies are marked as invalid right after you change your password. This is how Twitter auth works :) So it still can be CSRF or just a cookie stolen from your Firefox/Chrome/whatever.

  4. bikeamtn

    FYI Just had this happen Mar 13 2013 and trying to understand how. You're right, Twitter support isn't talking. How do they post porn-spam which said I 'Retweeted' it and listed over 5000 retweets and a handful of followers? My account is new and real simple; have only made about 6 tweets, no retweets that I've made, no app relationships, no followers (maybe one) and maybe 2-3 retweets of my posts. Now upon login I was asked to reset password (which was complex and never had been hacked) so I did this and changed default 'Password Reset' to "Ask to verify". You can easily send a fake RESET request just by entering someone's User ID (with default settings).

    All very interesting...

  5. bikeamtn

    Just saw the YouTube video how it's done: "Twitter Retweet Hack 2012 (No Virus & No Program)"

    Thanks for your post.
