Hackers crack Twitter app to generate spam

Reports are coming in that Grader, a web app linked to Twitter that allows Twitter users to receive multiple answers to a simple question posed over the Twitter network, has been compromised, allowing hackers to misuse the app to generate spam.

Over the last few days, Grader users found themselves 'sending' a tweet (a Twitter message) that read: 'Biz Stone Promoting Twitter in 2006' and contained a link to a newly registered web domain that allegedly hosted a video of Biz Stone, one of Twitter's founders.

Unconfirmed reports suggest that the hacker(s) were merely attempting to boost the search rankings of a newly registered cash-generating website, Seonix.org.

Dharmesh Shah, the founder of Grader's parent firm, HubSpot, said his company was blocking the unauthorised messages, posting a Twitter response last night saying: "Working on major issue causing some unauthorized user to tweet on behalf of Twitter Grader users. Sorry folks. We're on it."

A revised version of the Grader app was posted online overnight and has been auto-updating to Twitter users since then, Infosecurity understands.

Commenting on the Grader problems, Rik Ferguson, a security consultant with Trend Micro, said that Twitter users caught a break this time because the Seonix.org website is not malicious.

In his blog postings, Ferguson said that, if they had wanted to, the hackers could have tried to install unauthorised software such as a trojan on the machines of anyone who clicked on the Seonix.org link.

"It's not clear how many people use the Grader.com service, but the company's Twitter account is followed by more than 50,000 people. The hack shows why hackers are increasingly interested in social media and the applications that work on sites such as Twitter and Facebook", he said.

Late last night UK time, a blog entry from Mike Volpe of HubSpot said: "We are very sorry for the mistake. It is completely our fault... we have contained the situation and stopped the malicious tweets."

"We do want to make clear that by design, the HubSpot software applications are on different servers and systems from our free Grader.com tools. This attack did NOT affect the HubSpot software used by our 2100 customers. Again, there is no impact on our paid product or paying customers", he said.
