Acai Berry spam attack connected with Gawker password hack, says Twitter


Hundreds of thousands of Twitter accounts appear to have been compromised by hackers, who have spread spam promoting an Acai Berry diet.


Typical spam messages included:

I lost 9lbs using acai! RT This! [link]

and

Lost 10lbs using acai berry! RT This! [link]

The messages appeared so quickly that initial reports suggested that simply visiting the webpage linked to in the messages might automatically post the message from your own Twitter account. However, the truth may instead be connected to a high-profile password hack that came to light on a different website over the weekend.

According to Del Harvey, Twitter's director of trust and safety, the messages appear to have been posted from accounts whose users had the same password on both Twitter and the recently hacked Gawker website. (Note that there are many websites in the Gawker network, including Lifehacker, Gizmodo, etc.)

Clicking on the links being spread via Twitter (which appear to use domain names called "acainews", but could easily use other names too) takes you to an advertorial page promoting the so-called miracle diet.


That page, in turn, directs users to a page selling a diet solution which claims to use acai berries as an ingredient.


The key issue here is that too many users (perhaps as many as a third) are still using the same password for every website they access.


Not enough computer users have woken up to the danger of using the same password on different websites. Doing that means that if one site gets hacked (as in the Gawker case), you might also be handing over the keys to your accounts on other websites.

Once one password has been compromised, it's only a matter of time before the fraudsters will be able to gain access to your other accounts and steal information for financial gain.

Furthermore, it's important that users don't use a word from the dictionary as their password. It's easy to understand why computer users pick dictionary words, as they're much easier to remember, but, as I explain in this video, a good trick is to pick a sentence and just use the first letter of every word to make up your password.


Password security is becoming more important than ever. Make sure that you're taking the issue seriously, or suffer the consequences.


3 Responses to Acai Berry spam attack connected with Gawker password hack, says Twitter

  1. I always see these acai berry ads everywhere, even on reputable websites (I think) like dictionary.com. BTW, how are the scammers getting the money? Do they act like fake AV?

  2. Chris · 1408 days ago

    Not surprisingly, the acai berry diet is yet another scam which can lead to unwanted credit card/bank charges, etc.
    http://www.ctv.ca/CTVNews/Health/20090323/acai_09...

  3. ??????? · 1367 days ago

    It's so easy to advertise these sites now ughhhh


About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.