Gullible Twitter users hand over their usernames and passwords - did you get your Twitterank yet?!

Gullible Twitter users hand over their usernames and passwords - did you get your Twitterank yet?!

Summary: Mana from the heavens for cloud sceptics - on a day a lot of professional photographers lost all their images due to the failure of photo hosting site Digital Railroad which went under - as Twitter users fanned their egos en masse to parade their 'twitterank' to their followers.Twitterrank has no apparent purpose beyond a sketchy numerical rating, and there are rumors circulating on Twitter this afternoon that it is basically a fishing expedition.

SHARE:
20

Mana from the heavens for cloud sceptics - on a day a lot of professional photographers lost all their images due to the failure of photo hosting site Digital Railroad which went under - as Twitter users fanned their egos en masse to parade their 'twitterank' to their followers.

Twitterrank has no apparent purpose beyond a sketchy numerical rating, and there are rumors circulating on Twitter this afternoon that it is basically a fishing expedition.

I picked up on this after seeing Tantek Çelik retweet:

@t RT @brianoberkirch Twitterank is a vast conspiracy I created to steal all of ur passwords + shame Twitter into OAuthing. + make u look vain.

At the time of this writing I'm not sure what's going on with Twitterank, but I have to say it is amazing how promiscuous web app users can be with their security details.

This sort of vanity time wasting harms Twitter's credibility as a useful collaboration and communication tool and adds credence to many IT professional's doubts about the security of online transactions.

The 'Twitterank algorithm is vewy vewy secwet' - your login details should be as well!

Have you got your twitterank yet and did you read the FAQ to see how secure this was?

Update: a screenshot of the source code by @nateritter (thanks @flashman for the tweet alerting me to this).

Not the most encouraging of images, might be worth changing your password if you checked your twitterank...

Topics: Cloud, Social Enterprise

About

Oliver Marks leads the Global Digital Enterprise Team at HP, having previously provided seasoned independent consulting guidance to companies on effective planning of business strategy, tactics, technology decisions, roll out and enduring use models that make best use of modern collaborative and social networking tools to achieve their business goals.

These are Oliver's views and not those of his employer HP.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

20 comments
Log in or register to join the discussion
  • Twitterank

    Really, what is the purpose of Twitterank? It's not
    like this guy is going to be making money off of the
    app, right?
    Lacy Kemp
  • RE: Gullible Twitter users hand over their usernames and passwords - did yo

    Hey Oliver,

    I know the guy who built it. His name is Ryo. He used to
    work at Yahoo!

    You can email him at ryo@iloha.net if you're interested in,
    you know, talking to the fellow.

    Or you can read the FAQ and get some of the answers.
    Both would probably be better than writing a blog post
    based entirely on speculation.

    Cheers,
    Jesse
    farmerje
  • RE: Gullible Twitter users hand over their usernames and passwords - did you get your Twitterank yet?!

    I read the FAQ, they are linked in the article.
    @...
    • RE: Gullible Twitter users hand over their usernames and passwords - did yo

      Oliver,

      Great. Next step: talk to the guy. ryo@iloha.net

      Cheers,
      Jesse
      farmerje
  • RE: Gullible Twitter users hand over their usernames and passwords - did yo

    Hihi, people really used a serious password with twitter? Phishing? Seriously! And then they can be me on Twitter? How about changing your password either before or after using any Twitter related application?

    What is really going on is a demonstration how an idea can spread around the twitter net globally. If someone hast gotten Twitter yet, just watching the rate in which people are curious and post back to the their account.
    http://search.twitter.com/search?q=twitterank
    just watch it increasing the new messages count while you are looking at it.
    birgit.pauli@...
    • Wow!

      [i]just watch it increasing the new messages count while you are looking at it.[/i]

      If I ever get tired of watching paint dry, that'll be my next fascination.
      MGP2
  • RE: Gullible Twitter users hand over their usernames and passwords - did you get your Twitterank yet?!

    A sensible way to use it, if you feel so inclined, is to change your password, update your rank, then change your password back, (or again - to something else.)

    Something else to watch for - people putting phony tweets up with outrageous numbers for their twitter rank. They are relatively easy to spot and even easier to check.
    billaustin
  • RE: Gullible Twitter users hand over their usernames and passwords - did yo

    What you also can see is how a story like this spreads around the globe, too:-)
    http://search.twitter.com/search?q=http%3A%2F%2Ftinyurl.com%2F6kmgul
    birgit.pauli@...
  • RE: Gullible Twitter users hand over their usernames and passwords - did you get your Twitterank yet?!

    And the stories and blog posts are also starting to spread widely.

    http://www.evliving.com/2008/11/12/1669/twitterank-what-is-twitterank/

    http://news.google.com/news?q=twitterank

    http://blogsearch.google.com/blogsearch?q=twitterank

    http://www.google.com/search?q=twitterank
    billaustin
  • Screenshot of code

    Well the creator is either stealing your usernames and passwords (and blatantly telling everyone so) or he's an idiot and left stupid code comments that say he is..... either way, definitely looks like he's either an idiot, or shady.

    screenshot at http://twitpic.com/lfm9 and http://flickr.com/photos/theritters/3026279256/
    nate@...
    • Doesn't say he's stealing passwords

      He's not blatantly saying he's stealing passwords.
      Looks to me like he considered reminding users to
      really evaluate how much they trust a 3rd party asking
      for your password. And he's 100% right...you SHOULD be
      afraid.
      Lisa.Brewster
  • RE: Gullible Twitter users hand over their usernames and passwords - did yo

    Interestingly enough a similar application
    Twitter Influence (http://twinfluence.com/)
    has gotten much more positive reaction.

    http://www.socialmediatoday.com/SMC/51786
    and is trade like a secret... Does the same thing

    I guess Oliver Marks doesn't know much about Twitter...
    birgit.pauli@...
  • RE: Gullible Twitter users hand over their usernames and passwords - did yo

    Hey Oliver,

    Ryo, the founder of TwitterRank, addressed several of your
    concerns, here: http://twitterank.wordpress.com/2008/11/13/some-
    follow-up/

    I trust you'll update your blog post to reflect the new
    information,

    Best,
    Jesse
    farmerje
  • 1st Tweets

    A chart... http://tweetip.us/lkvhi
    tweetip
  • RE: Gullible Twitter users hand over their usernames and passwords - did you get your Twitterank yet?!

    ummmm....seriously folks, chill. There are many other Twitter APIs that ask for passwords that have existed for months now, and there have been no reports of mass pw stealings from them. Check out Twinfluence and Twitter Grader.

    He explains it on the home page. The problem is need for OAuth from the Twitter folks.

    All this attention is creating mass twisteria!
    jbhertel
  • RE: Gullible Twitter users hand over their usernames and passwords - did yo

    Read: Louis Gray http://www.louisgray.com/live/2008/11/twitterank-can-have-my-password-no.html

    That's Journalism.
    birgit.pauli@...
  • You gotta see twitterawesomeness...

    It was up today just minutes after twitterrank hit the twitscoop cloud... fast work, and a hilarious site !

    http://twitterawesomeness.com/
    I'm in ur Twitterz, stealin ur credz!

    It was created by @dacort:
    Prof. Computer Security Consultant with a passion for breaking things and generating statistics (see http://tweetstats.com and http://ratemytalk.com).
    Location: Seattle, WA
    Web: http://startupsecurity.info
    Twitter: twitter.com/dacort
    Dave21212
  • RE: Gullible Twitter users hand over their usernames and passwords - did you get your Twitterank yet?!

    The herd and ego in social media make for a scary combination. Herd mentality to social media shiny objects & rankings in general amuse me
    AdamZand
    • That must be why this starts with TWIT?

      Amen AdamZ !
      jhimes
  • RE: Gullible Twitter users hand over their usernames and passwords - did you get your Twitterank yet?!

    I was had! Just changed my password too!!
    TeasasTips