Hijacking of Facebook and Twitter accounts by questionable e-commerce sites is becoming more of an issue, and it can take days for users to realize their accounts have been compromised, The New York Times reports.
The accounts are compromised either due to unsafe passwords or when users click on links sent by other users who were already victimized, according to the Times, and the sites behind the problems are attempting to earn money via referral fees from directing unsuspecting users to sketchy e-commerce sites.
One recent victim, Matt Marquess, who works for a public-relations firm in San Francisco, told the Times he had unwittingly been bombarding his Twitter followers with messages offering $500 gift cards to Victoria’s Secret, and he only found out when a professional acquaintance emailed him. He told the Times, “No one had said anything to me. I thought, ‘How long have I been Twittering about underwear?'” It turns out that he was victimized because his password was “abc123.”
Another victim, Rocky Barbanica, a producer for Internet storage firm Rackspace Hosting, told the Times he realized that he had unintentionally sent messages to 250 Twitter followers with a link and the question, “Are you in this picture?” If they clicked the link, their Twitter accounts were compromised in the same way.
He sent a message to his Twitter followers that read, “I have been hacked; taking evasive maneuvers. Much apology, my friends,” and told the Times, “I took it personally, which I shouldn’t have, but that’s the natural feeling. It’s insulting.”