Right then, over the past couple of days some of you may have noticed 'me' spamming your twitter timeline with things like "Check out this article! I made $150 today! http://t.co/" and a url on the end there. Well as you can imagine, this wasn't me. And I was INCREDIBLY angry at this, as I'm usually very careful about security, what I login to, what permissions things get, etc.
Now the first time it happened, in my anger I just deleted the post, THEN started looking at how/why/where, etc. Well this isn't the best way to do things as any security analyst will tell you, as you've just destroyed the evidence and also any trace that you can use to find out where/how it got there.
Well today at 13:23:33 it happened again, so this time, quickly jumped onto the twitter website, looked at my timeline and clicked the entry, to try and find out what/how I supposedly posted the article. Well interestingly it said "twitter mobile web". Hmm, thats an application by twitter themselves, like a cut-down web version of their service, based at mobile.twitter.com Thats not good news then! Well first thing I did, went to my twitter profile, went to Applications and revoked access to that.
So hopefully that has stopped the timeline spam, but thats got me curious, whats been using my web API to send these messages. Since twitter probably won't give me access to the logfiles, then chances of tracking it down are slim, but I'm still going to do a little background digging.
One is not amused!