Twitter Grader Hack Highlights Social Network Spam Risks

Written by Paul Cunningham on February 17, 2010

The security of social networks was thrust into the spotlight yet again this week with the successful hack of the Twitter Grader application run by Hubspot, a maker of social media and internet marketing tools.

The Twitter Grader application uses an algorithm to calculate, or grade, a Twitter user’s ranking among their peers.  This type of tool has been very popular with Twitter users who willingly grant access to their Twitter accounts for websites that offer this type of ego-feeding information.

The compromise resulted in thousands of unauthorized messages being sent from Grader users’ Twitter accounts, each containing a link to a web page that hosted an embedded video. The content turned out not to be malicious, and it has been speculated that this was an attempt to increase the search engine rankings of the website.

The hack was quickly acknowledged by Hubspot, which proceeded to take down the Grader application while it investigated the issue. Grader users are advised to revoke Grader’s access to their Twitter accounts and also to consider changing their account password.

In this particular incident the fallout is mainly embarrassment for Hubspot and some disgruntled users. With no serious data breach of Hubspot’s paid customer base, the matter will quickly fade into the background with no ongoing attention paid to it.

The potential impact of these sorts of breaches cannot be ignored. Social networks carry a much higher degree of trust between relative strangers than other online communications. One of the most popular uses of these networks is sharing interesting links, often masked by URL shortening services.

Simply put, the timing of an unauthorized message may have meant that it was sent from a particular user’s account while they were conversing with an online friend and sharing a series of links with each other. In that situation the recipient would not hesitate to click the spam link as well.

If the link had pointed to a malicious web page containing a web browser exploit, the number of computers compromised by this one hack would have been enormous. The sad fact is that many computers connected to the web run outdated, unpatched operating systems, web browsers and other applications. Even those that are completely up to date may have undisclosed vulnerabilities that hackers can exploit before security researchers discover and patch them. One of the most common exploit vectors today is malicious PDF files.

For a home user a compromised computer can be a moderate inconvenience.  For a business network a compromised computer can be a major disaster.

So what can be done about these threats to businesses?

Technical Solutions – filtering of social networks to only approved users, blocking of URL shortening sites, and real-time scanning of file downloads.

Human Solutions – the cornerstone of any network’s security is the level of awareness of the end users to the potential threats that are out there.

About Paul Cunningham

Paul lives in Brisbane, Australia and works as a technical consultant for a national IT services provider, specialising in Microsoft Exchange Server and related messaging systems.