Email Harvesting Latest Twitter ProblemWritten by Sue Walsh on May 14, 2009
Twitter has become a valuable tool for businesses. Many now use it as a way to stay in touch with customers, enhance customer service, and as part of their marketing plan. However, as we’ve seen in the past few months, Twitter has also been a target of spammers and hackers. At first they used worms to do their dirty work, but now they’ve gone back to basics and are using Twitter’s own search tool to harvest email addresses.
How they do it is disturbingly easy. They simply do a search on the phrase “email me at” and/or on a specific domain or domains. An example would be something like: aol.com OR yahoo.com OR “email me at”. The result is a nice collection of email addresses ready for the spammer to add to his database.
“You can sit and just watch the email addresses steadily trickle in,” said Twellow’s lead developer Matthew Daines . “I wouldn’t doubt it if spammers are harvesting these. It would be trivial to write a script that gathers these addresses. They could have several hundred thousand over a few weeks at the rate they trickle in. The Twitter stream really weeds out all sorts of irrelevant data and cuts right to the email addresses within 140 characters, so it’s a lot less intense, and would require very little coding skill.”
Since Twitter’s TOS clearly states they are not responsible for what people put in their tweets, don’t look to them to do anything about the problem anytime soon. Instead, have your employees refrain from putting their emails in their tweets (tell them to ask to be DM’d instead), and don’t ask your customers to provide theirs. Direct Messaging is much safer. Don’t make a spammer’s job easier!