One of the trending topics today on Twitter was “Twitviewer” because of a site called Twitviewer[d0t]net, which asks visitors to enter their Twitter user id and password to find out who is “stalking” them. When you do, you get a sample of people on Twitter who are not even following you, as stated in this Mashable post. The app also sends out a tweet using your credentials stating: “Want to know whos stalking you on twitter!?: hxxp://TwitViewer[d0t]net”. If you did fall victim to this, you better change your password ASAP! Check out the screenshot of the site before it was taken down…yeah, phishy indeed.
Who knows what the developers of this application were planning (malicious or otherwise). Regardless, you should never give a third party site (especially one that looks phishy like this one) your Twitter credentials. In fact, I recommend you only use third party Twitter sites that use OAuth for authenticating you to Twitter. That way you don’t have to give your credentials to the web site and worry about them being compromised. Also, look to see what the purpose of the site is before you give the jewels away…if it’s a way to see who’s following you, a place to enter credentials to get millions of followers, etc…then it’s probably a scam or just completely useless.
Think about this. If the developer of a site like this wanted to, they could easily take your captured Twitter credentials and start trying them on other social networks and/or web mail services. They could then use these credentials for anything else they wanted. Unfortunately, most users of these sites use the same password for everything. Again, this is a reminder to use a password manager if you are one of those who use the same user id/password for everything. See this article for more information on password managers and social media web sites.