Twitter warns TwitViewer users of security risk

This article was originally on a blog post platform and may be missing photos, graphics or links. See About archive blog posts.

Twitter’s spam-monitoring account sent a tweet a few hours ago warning anyone who had entered their log-in information into a website called TwitViewer to change their password.

TwitViewer promised to display the profiles of users who had recently visited your profile. The service spread by sending promotional tweets from users’ accounts, satisfying curiosities about who’s “stalking” your Twitter page.

The message, which goes out after entering your Twitter information, contained a link to the supposed phishing scam at TwitViewer.net.

Instead of using OpenAuth, Twitter’s safer log-in processing software, the service asked users to enter their user names and passwords, which is essentially handing over your info to a stranger.

Since the news broke, TwitViewer has been added to Google’s malicious site list, which displays a warning when trying to visit the Web address in most browsers. TwitViewer’s developer has pulled the application offline, putting a message in its place that reads, “Don’t know why all this happened but were [sic] shutting down... may be back up on another domain.”

The TwitViewer developer could not be tracked down for comment. The domain name is registered with a proxy, meaning the owner’s contact info isn’t publicly accessible.

This particular debacle can’t be good brand association for TwitViewer.com, an unrelated website that purports to show Twitter conversation threads but doesn’t seem to be working correctly (don’t worry, it doesn’t ask for log-in info).

-- Mark Milian

Follow my random thoughts on technology, the Internet and Web start-ups on Twitter @markmilian.