Was tempted to joke about how you should go see this great blog. But the annoyance factor of this phishing thing is beyond the opportunity for a cheap chuckle. I can't imaging how you're going to pare down your 25,000.
BTW, I'm in Vegas right now. Took a Qik of my room. Just search for jeffcutler on qik - AMAZED at what I traded my lousy Disney timeshare week for.
DM me if you want to grab a bite. Interviews every day of the week (starting tomorrow AM), but will have some time around those to eat and poke around Vegas.
Rachel Levy
· 11 months ago
Well said. Short and sweet!
Jim Gray
· 11 months ago
Rock-Star!
mjankowski
· 11 months ago
Why change the password? Is not being stupid no longer enough?
Arfan
· 11 months ago
just DID IT =)
Chaz
· 11 months ago
Did this just recently actually, and changed other Soc.Media passwords, and then had to go and update each service I use with twitter, didn't take too long.
And I don't fall for phishing ;)
Lee Hopkins
· 11 months ago
done
liesforliars
· 11 months ago
Seems easy enough. But why would you change it if you didn't click on the link?
Philippa
· 11 months ago
Hopefully after this message spreads through twitter people will finally get the message and change their password.
Latoicha
· 11 months ago
Hi Chris!
Thanks for this post. This piece of advice makes so much sense. I am changing all of my passwords.
Thanks again!
Miguel Wickert
· 11 months ago
Done! Thanks! :) -Mig
Ted Demopoulos
· 11 months ago
Great advice with what's going on.
Then again, no one will every guess my Twitter (and everything else) password of "redsox"
Errr, that's a joke folks!
Just go change it, preferably to a non dictionary word!
Brad Hanks
· 11 months ago
"This phishing thing is getting stupid fast" And it's morphing fast too. Just got a new DM promoting a site for a free iPhone.
Thanks Chris, just retweeted.
Ian Schafer
· 11 months ago
Here's some background on why Chris is asking you to do this...
Just FYI (I know you didn't mention SocialToo, but since you have in the last week I wanted to make others aware), the ONLY thing SocialToo.com requires the password for is auto-dm and auto follow/unfollow. If you don't want those services, please, sign up without your Twitter password (we do require the username if you want to block dms or get the nightly stats e-mail). I am fighting Twitter *hard* on the dev lists to require more than basic auth for their API. I'm going to try to make that more clear in our registration.
Oh, and btw, if Twitter doesn't do anything soon, I've got a feature I'm going to release that will hopefully help put an end to these worms. Stay tuned and I'll let you know if I do it. (oh, and donate so I can keep adding features like this! I aim to please you, Chris.) :-)
Sunny Suggs
· 11 months ago
Oh, a non dictionary word. I'll use "gullible" then.. I heard that's not in there.
Thanks!
Michael Bennett Cohn
· 11 months ago
I haven't done anything or had any problems lately that leave me to believe that I should change my Twitter password. I think that in a case like this, it would make sense for you to provide a bit more explanation. I know there's a phishing scheme afoot, but not all of us fell for it.
Eva
· 11 months ago
I clicked the link, did NOT login. Thought I was safe. Spread the word about the phishing expedition.
Came back today and could NOT login to my twitter account! I had to reset my password anyway.
Should have done it anyway last night, just to be on the safe side.
Thanks, Chris.
Natalie
· 11 months ago
I said it on Twitter and I'll say it here -- Why on earth do people get to into their twittemperature, a cool site about them, blah blah blah. It takes 5 seconds to create your own narcissistic blog -- so many moms on blogger do!
Myron Tay
· 11 months ago
Sounds simple enough. Am so not going to trust another twitter based service that requires my password.
chrisbrogan
· 11 months ago
Remember, it's not whether you clicked the link. It's whether you used a 3rd party app.
Sprite
· 11 months ago
Just sending a *hug*, Chris. The phishing/spam/dumbshit internet usage is high speed suckage. I can only imagine the number of times you've been hit now. So sorry. *more hugs*
Robert Rowe
· 11 months ago
It's just a good habit to change your passwords regularly, phishing or not. I know (myself included) that most of us don't. After the recent Facebook spam (very similar to the current Twitter garbage), I started changing passwords on everything I log into. It sounds counterintuitive, but write them down (pencil & paper), and keep that safe. It's less likely that someone will break into your house to steal your passwords.
LinksMonkey
· 11 months ago
Give a man a phish & you can lure him to a bogus Web site & steal his personal information. Teach a man to phish & he'll lure you to a bogus Web site, steal your personal information, seduce your wife & hurt your dog.
scott
· 11 months ago
What incenses me is Twitter doing a piss poor job of managing the situation. Bloggers and others have to do it for them. They couldn't simply delete the "phisher," instead they inconvenience everyone by warning them by saying, "Phishing just happens..."
How much VC money do they need to not get raped by a phishing scam?
scott
· 11 months ago
Oh, and how much does it take to make money?
Robert Rowe
· 11 months ago
The phisher isn't using *a* Twitter account. They took advantage of people clicking links and supplying login information to takeover innocent accounts to DM for them. Twitter definitely needs OAuth, NOW, but they are taking steps to lock accounts (until they reset their passwords).
Matthew Gilbert
· 11 months ago
I wonder if it's a coincidence that the phishing happened after Chris's blog about DMs and robots? Is this some kind of revenge? Is Skynet now active? In all seriousness, has Twitter provided a way to report the usernames of people from whom we received the DMs? That would be a first step to fixing this. I would suggest changing your password and not using ANY external apps until this DM issue settles down. Has anyone heard anything specific and/or useful from Twitter lately -- the silence is deafening.
It's like you are spreading fear instead of reason.
Right?
Thanks, --Steve
Steve Garfield
· 11 months ago
Thanks.
That helps.
Bryan Person | @BryanPerson
· 11 months ago
I received the dodgy DMs from someone I wasn't even following earlier today. Was smart enough (whew!) not click through. Any idea on the best way to report that user account?
Justin Razmus
· 11 months ago
I just recently started changing all of my passwords just to be safe. I guess we should all get in the habit of changing our passwords more frequently...
Chris, Good to see this warning from you. I started warning my friends during the day on Sunday.
Keep STRONG, Everyone! Vincent
Sky Minor
· 11 months ago
I wonder how much phishing we could eliminate if only two countries were to go dark...
Anyone guess which two?
One starts with N and has oil, the other starts with R and has oil.
@skyminor your answer!
randulo
· 11 months ago
Thanks for posting this, Chris although Steve was right to push you display more info. A couple of small disagreements here with comments.
1)Twitter has many faults (what site doesn't?) but they are not responsible for the links you may click on to get lured to a rogue site. People use AV and think they're safe, but most security experts will tell you that the biggest danger is now from web sites and scripts on same.
2) There are a couple of countries that are apparently the source of most wicked schemes and spam on the Net, but they are not necessarily the originators of of said schemes or spam. There will always be drones in bot networks and they can just as easily be in the USA as anywhere at all. Granted, in the case of spam servers, blocking two countries would do wonders. Unfortunately, one can't do this if there is the slightest possibility of international business from said countries.
sophie
· 11 months ago
Chris, I like when you talk dirty in a Holy Hell sort of way :D I want to be able to just turn off my DM function all together...does anyone know how to do this? Twitter is for shouting tweets/links or else send me a private email but forget DM's they are so annoying IMHO. http://thedogsdish.posterous.com/social-network...
Rob Enslin
· 11 months ago
Thanks Chris - done it. Email phising has a new friend... Twitter phising. I like your approach: no tip toeing around this issue - just do it and do it now!
Ted Demopoulos
· 11 months ago
Remember passwords are like toothbrushes. They should be changed often and never shared.
Of you could say they are like underware :)
Seo Keeper
· 11 months ago
I did it and tweet this post... thanks a lot
Susan
· 11 months ago
For past 20 hours (yesterday) Twitter is not sending notifications to email regarding DMs or followers, but the are showing up on twitter account. I have changed both passwords several times the past week ... It appears that Twitter has been compromised somehow from main site.
Blog Expert
· 11 months ago
This is getting pretty pathetic. Everyone should know that they should always worry about who they are giving their passwords too.
Merch
· 11 months ago
Done did the do! Thanx!
Adam Singer
· 11 months ago
Great advice, done!
Clare Evans
· 11 months ago
Be wary of giving your password to ANY apps that are out there - where there's a password (will) there's a way. If they can get into your data they will. We're pretty familiar with the standard phishing scams but need to be extra cautious about what else might be phished.
@clarevans
@joeolson14
· 11 months ago
I did do that but i also think it's a good idea to send a message to those accounts that are hacked, that are sending you the phishing DM's telling them that they've been hacked.
Sara Aase
· 11 months ago
Done. Why is there no https on the settings/password page in Twitter? Disturbing.
Natalie
· 11 months ago
Done! Until I read your post, I didnt' know that using 3rd parties could have led to this. I'll do what you said and RT the hell out of this link!
ani625
· 11 months ago
Couldn't have come at a better time! Context: Twitter monday hacking madness ;)
Vaibhav Gadodia
· 11 months ago
Well, this post finally made me move. Though I had not fallen for the phishing scam, but I have in the past given my twitter credentials (however begrudgingly) to third party sites (one actually, for auto-tweeting my posts).
Phew! I thought I was the only one who's a little paranoid about this.
Jon Bergan
· 11 months ago
It's a shame that it came to this - I guess it was bound to pop up. I recently developed a Twitter plugin for WP which allows users to post directly from a blog to Twitter, however it asks for their username/password. I am sure there is going to be some user trust related issues now with such a plugin due to these issues. Ugh!
am21com
· 2 months ago
very nice blog . it is very helpful to all internet user keep on update wish u best of lick and also visit my site http://adsensetips4money.blogspot.com/
All Comments
I think I speak for many when I say it's great to see "holy hell" in your writing. Way to irreverently spice things up! I'll RT.
It's sad that so many "web savvy" adults have forgotten so quickly that not everybody is a lovely person hoping to connect for the right reasons.
Mind if I repost this on http://helpviatwitter.com as well? Full acknowledgment of course and link.
Cheers mate..
BTW, I'm in Vegas right now. Took a Qik of my room. Just search for jeffcutler on qik - AMAZED at what I traded my lousy Disney timeshare week for.
DM me if you want to grab a bite. Interviews every day of the week (starting tomorrow AM), but will have some time around those to eat and poke around Vegas.
And I don't fall for phishing ;)
Thanks for this post. This piece of advice makes so much sense. I am changing all of my passwords.
Thanks again!
-Mig
Then again, no one will every guess my Twitter (and everything else) password of "redsox"
Errr, that's a joke folks!
Just go change it, preferably to a non dictionary word!
Thanks Chris, just retweeted.
http://news.cnet.com/8301-1009_3-10130566-83.html
Oh, and btw, if Twitter doesn't do anything soon, I've got a feature I'm going to release that will hopefully help put an end to these worms. Stay tuned and I'll let you know if I do it. (oh, and donate so I can keep adding features like this! I aim to please you, Chris.) :-)
Thanks!
Came back today and could NOT login to my twitter account! I had to reset my password anyway.
Should have done it anyway last night, just to be on the safe side.
Thanks, Chris.
It sounds counterintuitive, but write them down (pencil & paper), and keep that safe. It's less likely that someone will break into your house to steal your passwords.
Teach a man to phish & he'll lure you to a bogus Web site, steal your personal information, seduce your wife & hurt your dog.
How much VC money do they need to not get raped by a phishing scam?
Matthew Gilbert
@doctorious
doctorious.org
Could you amend your post to include this link to Chris Pirillo's post explaining what is going on?
http://chris.pirillo.com/2009/01/03/phishing-sc...
Your post is more inflamatory than explanatory.
It's like you are spreading fear instead of reason.
Right?
Thanks,
--Steve
That helps.
-Justin
http://blog.twitter.com/2009/01/gone-phishing.html
Good to see this warning from you. I started warning my friends during the day on Sunday.
Keep STRONG, Everyone!
Vincent
Anyone guess which two?
One starts with N and has oil, the other starts with R and has oil.
@skyminor your answer!
1)Twitter has many faults (what site doesn't?) but they are not responsible for the links you may click on to get lured to a rogue site. People use AV and think they're safe, but most security experts will tell you that the biggest danger is now from web sites and scripts on same.
2) There are a couple of countries that are apparently the source of most wicked schemes and spam on the Net, but they are not necessarily the originators of of said schemes or spam. There will always be drones in bot networks and they can just as easily be in the USA as anywhere at all. Granted, in the case of spam servers, blocking two countries would do wonders. Unfortunately, one can't do this if there is the slightest possibility of international business from said countries.
I want to be able to just turn off my DM function all together...does anyone know how to do this? Twitter is for shouting tweets/links or else send me a private email but forget DM's they are so annoying IMHO.
http://thedogsdish.posterous.com/social-network...
I like your approach: no tip toeing around this issue - just do it and do it now!
They should be changed often and never shared.
Of you could say they are like underware :)
@clarevans
Context: Twitter monday hacking madness ;)
No more. I have changed my password, but since I still wanted to auto-tweet, I did this: http://blog.gadodia.net/twitter-safety-with-win...