I personally received the following direct message on Twitter from someone I know quite well:
hey! check out this funny blog about you…
It’s a link to a fake blogspot URL that redirects to a phishing URL for Twitter, it looks the same as the real login page but the actual URL is:
http://twitterblogs.access-logins.com/login (WARNING THIS IS A PHISHING SITE)
If you visit the page you’ll see a Phishing warning from Firefox.
Later on I also received the following DMs on Twitter.
hey look at this funny blog http://rosalierebyb.blogspot.com/
fixed it.. hehe here is that blog i wanted to show you
You’ll notice in the last one that they have moved to using the direct Phishing URL rather than the blogspot as Google closed down the blogspot account used for Phishing.
It seems quite widespread meaning a lot of people have fallen for this and there are a lot of compromised Twitter accounts out there.
There’s some good info on the whole thing here:
If you have received any of the above or similar direct messages from anyone on Twitter do let them know and inform them they should change their password ASAP.
SANS/ISC have also mentioned it here:
And the folks over at Twitter have blogged about it too: