Twitter warning: your account data is being sold

January 1, 2009 By

You iknow the spammer? Twply? Well, it’s worse than it seems. They now have your user name and password and are looking to sell your data to the highest bidder.

Twitter needs a real third-party authentication system and it needs it now. Thanks to Mark Trapp and other friendfeeders for bringing this to my attention.

Filed Under: technology industry Tagged With: , ,
Older Comments
Newer Comments
  • http://twply.com/ Twply

    The site was sold due to our server ability to hand the high load. Everyone can say what they want.

  • http://twply.com/ Twply

    The site was sold due to our server ability to hand the high load. Everyone can say what they want.

  • http://twply.com/ Twply

    The site was sold due to our server ability to hand the high load. Everyone can say what they want.

  • http://twply.com/ Twply

    The site was sold due to our server ability to hand the high load. Everyone can say what they want.

  • http://twply.com/ Twply

    The site was sold due to our server ability to hand the high load. Everyone can say what they want.

  • http://twply.com/ Twply

    The site was sold due to our server ability to hand the high load. Everyone can say what they want.

  • http://twply.com/ Twply

    The site was sold due to our server ability to hand the high load. Everyone can say what they want.

  • http://twply.com Twply

    The site was sold due to our server ability to hand the high load. Everyone can say what they want.

  • Mizcity

    Besides changing your password immeadiately, what else can be done to protect your info?

  • Mizcity

    Besides changing your password immeadiately, what else can be done to protect your info?

  • Mizcity

    Besides changing your password immeadiately, what else can be done to protect your info?

  • Mizcity

    Besides changing your password immeadiately, what else can be done to protect your info?

  • Mizcity

    Besides changing your password immeadiately, what else can be done to protect your info?

  • Mizcity

    Besides changing your password immeadiately, what else can be done to protect your info?

  • Mizcity

    Besides changing your password immeadiately, what else can be done to protect your info?

  • Mizcity

    Besides changing your password immeadiately, what else can be done to protect your info?

  • Mizcity

    Besides changing your password immeadiately, what else can be done to protect your info?

  • http://techmiso.com/ Scott Jarkoff

    The site was sold due to our server ability to hand the high load.

    Exactly how has your service been able to clearly demonstrate that it can “hand (sic) the high load?” I find it hard to believe Twply has a really good understanding about what a true high load is. Such a claim seems purely suspect.

    Everyone can say what they want.

    Welcome to the blogosphere, where people can and will say what they want. If you are interested in turning the drama in to good will then you might consider answering some of the many lingering questions:

    1. Why does Twply have no privacy policy posted?
    2. Why does Twply have no terms of service posted?
    3. Why does Twply require Twitter passwords when you can merely convert user RSS feeds and email those. Finding @replies is as easy as using the Twitter API, which does not require a users password for most functionality.
    4. Does Twply store Twitter user passwords unencrypted, encrypted or hashed?

    Until you start answering questions with honest answers, expect the ill-will to continue. My $0.02 anyhow. :-)

  • http://techmiso.com/ Scott Jarkoff

    The site was sold due to our server ability to hand the high load.

    Exactly how has your service been able to clearly demonstrate that it can “hand (sic) the high load?” I find it hard to believe Twply has a really good understanding about what a true high load is. Such a claim seems purely suspect.

    Everyone can say what they want.

    Welcome to the blogosphere, where people can and will say what they want. If you are interested in turning the drama in to good will then you might consider answering some of the many lingering questions:

    1. Why does Twply have no privacy policy posted?
    2. Why does Twply have no terms of service posted?
    3. Why does Twply require Twitter passwords when you can merely convert user RSS feeds and email those. Finding @replies is as easy as using the Twitter API, which does not require a users password for most functionality.
    4. Does Twply store Twitter user passwords unencrypted, encrypted or hashed?

    Until you start answering questions with honest answers, expect the ill-will to continue. My $0.02 anyhow. :-)

  • http://techmiso.com/ Scott Jarkoff

    The site was sold due to our server ability to hand the high load.

    Exactly how has your service been able to clearly demonstrate that it can “hand (sic) the high load?” I find it hard to believe Twply has a really good understanding about what a true high load is. Such a claim seems purely suspect.

    Everyone can say what they want.

    Welcome to the blogosphere, where people can and will say what they want. If you are interested in turning the drama in to good will then you might consider answering some of the many lingering questions:

    1. Why does Twply have no privacy policy posted?
    2. Why does Twply have no terms of service posted?
    3. Why does Twply require Twitter passwords when you can merely convert user RSS feeds and email those. Finding @replies is as easy as using the Twitter API, which does not require a users password for most functionality.
    4. Does Twply store Twitter user passwords unencrypted, encrypted or hashed?

    Until you start answering questions with honest answers, expect the ill-will to continue. My $0.02 anyhow. :-)

  • http://techmiso.com/ Scott Jarkoff

    The site was sold due to our server ability to hand the high load.

    Exactly how has your service been able to clearly demonstrate that it can “hand (sic) the high load?” I find it hard to believe Twply has a really good understanding about what a true high load is. Such a claim seems purely suspect.

    Everyone can say what they want.

    Welcome to the blogosphere, where people can and will say what they want. If you are interested in turning the drama in to good will then you might consider answering some of the many lingering questions:

    1. Why does Twply have no privacy policy posted?
    2. Why does Twply have no terms of service posted?
    3. Why does Twply require Twitter passwords when you can merely convert user RSS feeds and email those. Finding @replies is as easy as using the Twitter API, which does not require a users password for most functionality.
    4. Does Twply store Twitter user passwords unencrypted, encrypted or hashed?

    Until you start answering questions with honest answers, expect the ill-will to continue. My $0.02 anyhow. :-)

  • http://techmiso.com/ Scott Jarkoff

    The site was sold due to our server ability to hand the high load.

    Exactly how has your service been able to clearly demonstrate that it can “hand (sic) the high load?” I find it hard to believe Twply has a really good understanding about what a true high load is. Such a claim seems purely suspect.

    Everyone can say what they want.

    Welcome to the blogosphere, where people can and will say what they want. If you are interested in turning the drama in to good will then you might consider answering some of the many lingering questions:

    1. Why does Twply have no privacy policy posted?
    2. Why does Twply have no terms of service posted?
    3. Why does Twply require Twitter passwords when you can merely convert user RSS feeds and email those. Finding @replies is as easy as using the Twitter API, which does not require a users password for most functionality.
    4. Does Twply store Twitter user passwords unencrypted, encrypted or hashed?

    Until you start answering questions with honest answers, expect the ill-will to continue. My $0.02 anyhow. :-)

  • http://techmiso.com/ Scott Jarkoff

    The site was sold due to our server ability to hand the high load.

    Exactly how has your service been able to clearly demonstrate that it can “hand (sic) the high load?” I find it hard to believe Twply has a really good understanding about what a true high load is. Such a claim seems purely suspect.

    Everyone can say what they want.

    Welcome to the blogosphere, where people can and will say what they want. If you are interested in turning the drama in to good will then you might consider answering some of the many lingering questions:

    1. Why does Twply have no privacy policy posted?
    2. Why does Twply have no terms of service posted?
    3. Why does Twply require Twitter passwords when you can merely convert user RSS feeds and email those. Finding @replies is as easy as using the Twitter API, which does not require a users password for most functionality.
    4. Does Twply store Twitter user passwords unencrypted, encrypted or hashed?

    Until you start answering questions with honest answers, expect the ill-will to continue. My $0.02 anyhow. :-)

  • http://techmiso.com/ Scott Jarkoff

    The site was sold due to our server ability to hand the high load.

    Exactly how has your service been able to clearly demonstrate that it can “hand (sic) the high load?” I find it hard to believe Twply has a really good understanding about what a true high load is. Such a claim seems purely suspect.

    Everyone can say what they want.

    Welcome to the blogosphere, where people can and will say what they want. If you are interested in turning the drama in to good will then you might consider answering some of the many lingering questions:

    1. Why does Twply have no privacy policy posted?
    2. Why does Twply have no terms of service posted?
    3. Why does Twply require Twitter passwords when you can merely convert user RSS feeds and email those. Finding @replies is as easy as using the Twitter API, which does not require a users password for most functionality.
    4. Does Twply store Twitter user passwords unencrypted, encrypted or hashed?

    Until you start answering questions with honest answers, expect the ill-will to continue. My $0.02 anyhow. :-)

  • http://techmiso.com/ Scott Jarkoff

    The site was sold due to our server ability to hand the high load.

    Exactly how has your service been able to clearly demonstrate that it can “hand (sic) the high load?” I find it hard to believe Twply has a really good understanding about what a true high load is. Such a claim seems purely suspect.

    Everyone can say what they want.

    Welcome to the blogosphere, where people can and will say what they want. If you are interested in turning the drama in to good will then you might consider answering some of the many lingering questions:

    1. Why does Twply have no privacy policy posted?
    2. Why does Twply have no terms of service posted?
    3. Why does Twply require Twitter passwords when you can merely convert user RSS feeds and email those. Finding @replies is as easy as using the Twitter API, which does not require a users password for most functionality.
    4. Does Twply store Twitter user passwords unencrypted, encrypted or hashed?

    Until you start answering questions with honest answers, expect the ill-will to continue. My $0.02 anyhow. :-)

  • http://katawagner.blogg.no/ Kata Wagner Berg

    Well, can I just say Happy New Year between here`

    BUEK!

    Hei, hei, hei from Budapest :)

  • http://katawagner.blogg.no Kata Wagner Berg

    Well, can I just say Happy New Year between here`

    BUEK!

    Hei, hei, hei from Budapest :)

  • http://stut.net/ Stut

    There’s absolutely no need for a service such as this to require your password. And to prove it I built my own version, feel free to give it a try: http://replies.twitapps.com/

    No password required and absolutely no spamming!!

  • http://stut.net/ Stut

    There’s absolutely no need for a service such as this to require your password. And to prove it I built my own version, feel free to give it a try: http://replies.twitapps.com/

    No password required and absolutely no spamming!!

  • Pingback: TechMiso :: On Twply, Giving Out Your Password and Other Security Issues

  • http://kosso.wordpress.com/ kosso

    Can you imagine what people will say when places like ping.fm sell? (or just about any site which offers the ability to crosspost any content to another of your social networks/blogs.etc.)

    All your deets are belong to them.

  • http://kosso.wordpress.com/ kosso

    Can you imagine what people will say when places like ping.fm sell? (or just about any site which offers the ability to crosspost any content to another of your social networks/blogs.etc.)

    All your deets are belong to them.

  • http://kosso.wordpress.com/ kosso

    Can you imagine what people will say when places like ping.fm sell? (or just about any site which offers the ability to crosspost any content to another of your social networks/blogs.etc.)

    All your deets are belong to them.

  • http://kosso.wordpress.com/ kosso

    Can you imagine what people will say when places like ping.fm sell? (or just about any site which offers the ability to crosspost any content to another of your social networks/blogs.etc.)

    All your deets are belong to them.

  • http://kosso.wordpress.com/ kosso

    Can you imagine what people will say when places like ping.fm sell? (or just about any site which offers the ability to crosspost any content to another of your social networks/blogs.etc.)

    All your deets are belong to them.

  • http://kosso.wordpress.com/ kosso

    Can you imagine what people will say when places like ping.fm sell? (or just about any site which offers the ability to crosspost any content to another of your social networks/blogs.etc.)

    All your deets are belong to them.

  • http://kosso.wordpress.com/ kosso

    Can you imagine what people will say when places like ping.fm sell? (or just about any site which offers the ability to crosspost any content to another of your social networks/blogs.etc.)

    All your deets are belong to them.

  • Pingback: Twply Sold, Time to Change Your Twitter Password?

  • Pingback: Concerned about the Twply sale? You’re an idiot! — d8c.org

  • kbcolvin

    This is such a gray area. It’s very interesting for me to hear everyone’s comments, as I have a Twitter app in development called Twitterface that requires at least one account (of Twitter’s) to be entered in order to be able to use it. Additional accounts can be added so that the id/pw is stored for ease-of-use (since my application is specifically geared toward multi-accounts.)

    It is not yet released, and I have no plans to sell it once it is, but hypothetically, were I to sell it someday, it would most definitely include users names/passwords because that is what the site DOES (lets you access Twitter in a different way.)

    For those of us that make Twitter apps to utilize it plus combination with our own creativity, there is no other way (I don’t think) to do some of these things without requiring the id/pw. Apps like @mrtweet are able to look at public info and use an algorithm to give neat results. But if you are using an alternate client, such as Tweetdeck, Twitterific or my soon-to-launch Twitterface, there’s no other way at this time to do it.

    Given that, rather than throw the baby out with the bathwater, I think people should follow app creators on Twitter, look up reviews, and do as much due diligence as needed to feel comfortable before giving out your Twitter account info. I was already planning on privacy policy, etc. but I think some additional things are in order as well, based on this feedback, and I am going to be thinking about everyone’s concerns here a lot.

    I do not know the Twply creators, but I do have a lot of experience working with startups, and the simple fact is, many cool things can be created by people who don’t have all the information they need about launching a product. Therefore you might not see privacy policies, etc. It does not indicate bad intentions necessarily for these things to be missing – it may have been out of a lack of experience in doing something like this. Not sure.

  • kbcolvin

    This is such a gray area. It’s very interesting for me to hear everyone’s comments, as I have a Twitter app in development called Twitterface that requires at least one account (of Twitter’s) to be entered in order to be able to use it. Additional accounts can be added so that the id/pw is stored for ease-of-use (since my application is specifically geared toward multi-accounts.)

    It is not yet released, and I have no plans to sell it once it is, but hypothetically, were I to sell it someday, it would most definitely include users names/passwords because that is what the site DOES (lets you access Twitter in a different way.)

    For those of us that make Twitter apps to utilize it plus combination with our own creativity, there is no other way (I don’t think) to do some of these things without requiring the id/pw. Apps like @mrtweet are able to look at public info and use an algorithm to give neat results. But if you are using an alternate client, such as Tweetdeck, Twitterific or my soon-to-launch Twitterface, there’s no other way at this time to do it.

    Given that, rather than throw the baby out with the bathwater, I think people should follow app creators on Twitter, look up reviews, and do as much due diligence as needed to feel comfortable before giving out your Twitter account info. I was already planning on privacy policy, etc. but I think some additional things are in order as well, based on this feedback, and I am going to be thinking about everyone’s concerns here a lot.

    I do not know the Twply creators, but I do have a lot of experience working with startups, and the simple fact is, many cool things can be created by people who don’t have all the information they need about launching a product. Therefore you might not see privacy policies, etc. It does not indicate bad intentions necessarily for these things to be missing – it may have been out of a lack of experience in doing something like this. Not sure.

  • kbcolvin

    This is such a gray area. It’s very interesting for me to hear everyone’s comments, as I have a Twitter app in development called Twitterface that requires at least one account (of Twitter’s) to be entered in order to be able to use it. Additional accounts can be added so that the id/pw is stored for ease-of-use (since my application is specifically geared toward multi-accounts.)

    It is not yet released, and I have no plans to sell it once it is, but hypothetically, were I to sell it someday, it would most definitely include users names/passwords because that is what the site DOES (lets you access Twitter in a different way.)

    For those of us that make Twitter apps to utilize it plus combination with our own creativity, there is no other way (I don’t think) to do some of these things without requiring the id/pw. Apps like @mrtweet are able to look at public info and use an algorithm to give neat results. But if you are using an alternate client, such as Tweetdeck, Twitterific or my soon-to-launch Twitterface, there’s no other way at this time to do it.

    Given that, rather than throw the baby out with the bathwater, I think people should follow app creators on Twitter, look up reviews, and do as much due diligence as needed to feel comfortable before giving out your Twitter account info. I was already planning on privacy policy, etc. but I think some additional things are in order as well, based on this feedback, and I am going to be thinking about everyone’s concerns here a lot.

    I do not know the Twply creators, but I do have a lot of experience working with startups, and the simple fact is, many cool things can be created by people who don’t have all the information they need about launching a product. Therefore you might not see privacy policies, etc. It does not indicate bad intentions necessarily for these things to be missing – it may have been out of a lack of experience in doing something like this. Not sure.

  • http://rcrowley.org/ Richard Crowley

    http://github.com/rcrowley/django-twitterauth/tree/master

    I’ve started on a very hacky way to not steal a user’s Twitter credentials when making API calls. I’ve plans for more elegance but as it stands it will Just Work.

  • http://rcrowley.org/ Richard Crowley

    http://github.com/rcrowley/django-twitterauth/tree/master

    I’ve started on a very hacky way to not steal a user’s Twitter credentials when making API calls. I’ve plans for more elegance but as it stands it will Just Work.

  • http://rcrowley.org/ Richard Crowley

    http://github.com/rcrowley/django-twitterauth/tree/master

    I’ve started on a very hacky way to not steal a user’s Twitter credentials when making API calls. I’ve plans for more elegance but as it stands it will Just Work.

  • Pingback: Cristian Vat, Deathy, and other alter-egos » Blog Archive » How Change Happens

  • Pingback: Twitter and the Password Anti-Pattern | FactoryCity

  • http://www.theriverjordan.net/ spinnakerjksc

    Yikes. Good thing I don’t have any super-important information on there.

    Jordan.
    http://www.theriverjordan.net

  • http://www.theriverjordan.net/ spinnakerjksc

    Yikes. Good thing I don’t have any super-important information on there.

    Jordan.
    http://www.theriverjordan.net

  • http://www.theriverjordan.net/ spinnakerjksc

    Yikes. Good thing I don’t have any super-important information on there.

    Jordan.
    http://www.theriverjordan.net

Older Comments
Newer Comments