Here we go again. A site called GO0GLE-WIZARD.com is actively posting bogus (forged) tweets on behalf of thousands of compromised Twitter accounts. There’s a few differences from the similar twittercut episode a few weeks ago. In the case of GO0GLE-WIZARD.com, it’s not yet obvious where the site is getting the compromised account credentials. Presumably, the users have logged in to some web site or service on the net using their Twitter username/password and that site is operated by the same people as GO0GLE-WIZARD.com or somehow made a deal with them to share compromised accounts. Another possibility is the GO0GLE-WIZARD.com folks compromised some other site that had thousands of Twitter IDs and passwords on file. The whois record for the domain says the info is “protected” , meaning hidden behind a proxy, in this case some outfit called “WhoisGuard”.
I’ll post updates if we find out who is really behind this and what site they’re getting the stolen Twitter credentials from. In the mean time, don’t believe any tweets that suggest your friends are making money from this scam website.
UPDATE 7/30/2009: Twitter’s spam-monitoring account sent a tweet a few hours ago warning anyone who had entered their log-in information into a website called TwitViewer to change their password. Perhaps this is the culprit of the stolen Twitter accounts.
UPDATE 7/31/2009: TwitViewer is apparently a scam too, but perhaps not related to GO0GLE-WIZARD.com. Some people are seeing a relation to Foursquare, an iPhone Twitter app, but some dispute that too. So I don’t think we know for sure yet where GO0GLE-WIZARD.com is getting the stolen Twitter IDs and passwords.
UPDATE 7/31/2009: What’s worse here is accounts are getting suspended by Twitter even if they delete the spam and change their password. Come on Twitter, get a clue.