
BBC and Ed Miliband hit by Twitter hijack

Direct messages feature links to malicious websites

BBC correspondent Nick Higham, First Direct bank and transport minister Ed Miliband are among Twitter users whose accounts have been hijacked and used to send out spam messages.

The direct messages contain text such as 'this you?' or 'hey, i've been having better sex and longer with this here', along with web links.

The links lead to sites designed to hijack even more Twitter accounts, or distribute malware designed to steal login and password details for online accounts.

Twitter said that receiving the message does not mean your account has been compromised.

However, it urged users who had clicked the links in these messages to change their password.

"If you've received this type of spam from a friend, you may want to alert them to change their password," the micro-blogging site added in a blog.

It's the kind of thing that will persist on social networking services, said Graham Cluley, senior technology consultant at security company Sophos.

"The fact is that social networking accounts have a financial value," he said. "They can be used as a springboard for sending out more spam, malware or selling things."

Cluley said social networking services were starting to take phishing more seriously but are well behind web-based email services like Hotmail and Gmail.

While those sites often filter messages and links, social networking sites are only just beginning to do so.

The problem can be worse on Twitter because of the 140-character message limit. It encourages the use of URL-shortening services such as bit.ly or TinyURL that hide the site's identity.

Bit.ly, one of the most popular URL shortening services, recently started working with Sophos to scan links, said Cluley, but some others are yet to offer such a service.

"Ultimately it's you, the human, that needs to do [the filtering]," Cluley said.

"It's up to you to decide to enter your username and password. Fixing that bug in people's brains is an upgrade we are not capable of."

Meanwhile, security firm F-Secure said the problem may have something to do with some of the recent search engine deals that have been made.

"Yahoo announced that they'll begin to include Twitter's real-time feed into their search results and Facebook is now included in Google's search results. The bad guys can use social networking trust to enhance their SEO [search engine optimisation] attacks," F-Secure said in a blog.

Twitter advised web users to follow its Twitter safety account for more information about protecting their account.
