TweeterGetter? Twitter Password Harvester!
Sat 14 Feb 2009In the past three days, tens of thousands of Twitter users have visited tweetergetter.com and subscribed to its promise of 19,530 new followers in 30 days. They are signing up in droves. A Twitter search for “tweetergetter” shows them all rolling in.
Is it just me or do other people think that filling in this form hands over your Twitter username and password to a spammer - or worse?
Some folks should be changing their passwords about now.
———————
Update: 16-Feb-09
Gary McCaffrey assures me he is not collecting passwords, just usernames. As I see it, this is like collecting e-mail addresses for use in future spam campaigns.
Twitter is going to be a very ugly place when McCaffrey starts selling his list to the likes of Bruce Wagner (see An Army of ReTweet-Bots… ).
———————
Update: 17-Mar-09
I removed the active link to tweetergetter.com above because some folks have reported that tweetergetter.com now has an Exit Blocker. In other words, as you try to leave the site, a confusing dialog pops up and you are taken to another web page with more marketing rubbish.
February 14th, 2009 at 11:04
[sarcasm]I hope you haven’t handed over your password to any of the following either.[/sarcasm]
TweetLater
Tweetdeck
New Follow Notify
Your Twitter Karma
twickly
TwitPic
Should I go on?
February 14th, 2009 at 11:31
Hi JaceMan. You are quite correct. I have not handed over my password to any of these.
February 14th, 2009 at 11:42
That’s definitely good to know Mike. And if I search your blog I’ll find similar blog posts about those sites/services being password harvesters too, right? And warnings that their users change their passwords quickly? Of course I will, because I know we’re not on a cynical “witch hunt” just picking on one man.
Anyway, thanks for publishing my comment, at least.
February 14th, 2009 at 12:06
Hi JaceMan, as I said on your blog, I would investigate the background of anyone asking for my password very carefully.
My investigation of “Gary McCaffrey” didn’t turn up anything to instill confidence. Do you know more than I do about him?
February 14th, 2009 at 13:37
It’s called Slander…
What you’re doing.
February 14th, 2009 at 13:58
Thank you for your thoughtful comment Bruce.
February 14th, 2009 at 14:13
Mike,
It’s always good practice to change your password if you believe there’s any possibility that it may have been compromised.
That said, I’m not sure on what evidence you’re basing the claim, or why you think someone would attempt to harvest Twitter passwords in that way.
After all, if the harvested passwords were actually used on any significant scale to hijack accounts, it would take Twitter about two seconds to figure out that all of the hundreds or thousands of near-simultaneous “I’ve been hacked!” complainers had two things in common — that they all had (or had at one time had) GaryMcCaffrey in their “follow” list and that they had all retweeted the promo message, indicating they had used the web form in question.
After which, of course, there would be not much beyond orange coveralls, perp walks, etc. in Mr. McCaffrey’s immediate future.
He doesn’t strike me as stupid. He likely knows the near-certain outcome of the project you’re suggesting.
At this point, I still think TweeterGetter is exactly what he rolled it out as: A clever Internet marketing scheme. He gets something (a new follower to pitch future things at) out of every transaction, and also up-sells to some of those new followers right off the bat.
Regards,
Tom Knapp
February 14th, 2009 at 16:25
Thanks, Thomas.
What made me suspicious is the *lack* of evidence that Mr McCaffrey is NOT a Nigerian.
His Twitter profile says…
Name Gary McCaffrey
Location Belfast
Web http://www.instant-affiliate-generator.com/
Bio Full Time Internet Marketer
I couldn’t see any contact details on instant-affiliate-generator.com. How is anybody to know that they are dealing with a real person and/or a legitimate company and not the Russian Mafia?
Any scam might not be perpetrated on Twitter. Some people, I’m sure, use the same password on their Facebook / MySpace / maybe even bank accounts.
February 14th, 2009 at 19:01
And what’s wrong with Russian Maffia? We are people, just like everybody else
J/K. Interesting read here.
February 14th, 2009 at 19:07
Probably not the Russian Mafia, Mike, but I share your concern about this one. Even thougth Gary McCaffrey is an established internet marketer, what he is established in doesn’t inspire me. I believe he launched Sales Bot Generator - that really annoying app that tries to prevent you leaving a site. There was www.webcashmachine.com, which now seems defunct. Just in the last couple of days McCaffrey has posted on Warrior Forum with a sig that includes a link to a “Magic / Hypnosis Affiliate Program Converts As High As 1 in 15″ http://tinyurl.com/abdeoc . This program uses “Derren Brown Style Psychological Mind Control”. McCaffrey’s post itself appears to attempt to block criticism of a scheme in which “newbies can earn $5,000 per month 100% guaranteed”. http://tinyurl.com/bk7fnw .
Now as somebody else said http://knappster.blogspot.com/ ‘One of the constant proverbs of Internet marketing is “the money is in the list.” … Of course, in the chain letter mechanism, Gary McCaffrey (the guy behind TweeterGetter) is building one king-hell list.’ The motivation behind Tweetergetter could perhaps simply be doing what he does best with that list.
February 14th, 2009 at 19:57
Well I have to say I agree with you here, Mike. Gary’s using what many would call ‘less than moral’ tactics here, and those tactics are often associated with scammers and the like. So it’s a fair point (imho).
Where I really think the problem lies, however, is not with Gary and his scheme, but with Twitter themselves. See, if Twitter didn’t require API users to have their user’s Twitter credentials in plain text, then this problem wouldn’t exist in the first place. What really needs to happen is for Twitter to transition their API to use token-based credentials like Flickr and many other services. This way, API users COULDN’T steal user’s credentials (and the user can always revoke the app’s privileges).
I’ve used the Flickr API before, and it’s an absolute cinch! Make a call, flick the user to a URL, and Flickr sends them back fully authenticated. It took me about 5 minutes with PHP, and I definitely wouldn’t say I’m a 1337 (0D3r!
February 15th, 2009 at 9:02
An Army of ReTweet-Bots……
… is better than a band of loyal followers — if you want to get noticed on Twitter. It looks like someone has built an army of fake Twitter accounts which can re-tweet on command.
Bruce Wagner, a New York City talk-show host and Twitt…
February 15th, 2009 at 10:04
I definitely agree with you Mike. This type of activity only taints and exploits the twitter community. I think many people signing up for it are new to twitter or don’t know how to build a community, so they might unwittingly think it’s a good idea. But I’ve also noticed that many of the people who think this is the greatest thing to come along are the MLM and “Internet Marketing” scammers. And to those types, people aren’t important, community is not important, only large numbers in their “downline” are important, positioned to buy into whatever “program” or get-rich-quick “system” they are selling.
It’s easy to see that McCaffrey is not interested in interacting with his followers - the gap between the number he is following vs. those he is following back is extremely wide. To me, this is a view that the followers are worthless and nothing they have to say is valuable. The only interest is in broadcasting messages TO them.
Remember the wide-spread twitter account hacking that took place a couple of months ago or so? DM spam was spreading like wildfire, with links in the DMs set up to steal the twitter account passwords and then the account was taken over, spreading the login hack to all of their followers. Anyone following McCaffrey is completely open to whatever potential scam/spam/hack down the road (after the dust of this controversy has settled and all is forgotten).
At best, this just goes against authentic community and relationship building. Why join in with anything that even appears to be fake? It’s a major turn-off.
February 15th, 2009 at 18:20
I note that Gary McCaffrey’s bio now is
# Bio Marketer, Magician, Ponderer
No longer a full time internet marketer? Or trying to downplay his interest in mind control as revealed on http://tinyurl.com/abdeoc ?
February 15th, 2009 at 18:23
Seems that JaceMan has an WELL ABOVE average interest in Mr. McCaffrey. Is it love?
http://is.gd/jzWc
February 15th, 2009 at 21:05
G’day Calrion, I hope Twitter are taking note of your suggestion. In any case letting username harvesters roam free cannot be good for Twitter’s long-term health.
Hello Jannifer, Mr McCaffrey has responded to me saying that he is not harvesting passwords, just usernames. When he starts selling them for future marketing campaigns, yes, Twitter is not going to be a nice place to be.
Pam thanks for your support. He seems to be very clever at adapting to whatever is making him the most money *this* week.
Salty! Maate! Yep, predators often hunt in packs; sharks, wolves, internet marketing gurus like Jaceman and McCaffrey.
February 15th, 2009 at 23:11
Gee thanks Mike! It’s not enough to slander Gary, but now you not only allow your readers to take pot shots at me, but you jump in and slander me too?
[sarcasm]Classy, real classy![/sarcasm]
Good luck finding where THIS “internet marketing guru” has pitched ANYTHING on twitter!
Keep yourself in check. I have deleted comments on my blog where people have criticized others. Take for instance Bruce. You commented on my blog, and he replied in a fashion that I found rude. Now even though, he’s on “my side” of the issue and you aren’t — your comment remains, and his is gone. What does that tell you?
Really!
February 16th, 2009 at 0:15
Hi JaceMan, I’ll keep that in mind.
I see you’ve picked up the word “slander”. I hope you are not like the person who used it here first. He had his Twitter account suspended 12 hours ago.
And finally, I’m glad to see that even your dog is on “my side”.
February 16th, 2009 at 0:53
I didn’t need to do your “investigative” work to unfollow Bruce. I speak the truth 100% of the time, as the About page on my blog states. I commented in my blog that everyone is “my friend” until they show that all they’re interested in doing is spamming others.
I first @replied Bruce when he started making false claims about TweeterGetter and Gary, and that rubbed me the wrong way. I was already “sore” with him over his rude commentary to you prior to his bloated claims (more on that in a minute); and was already thinking less of him when he began resulting to making 9 out 10 posts about TweeterGetter with his TG link, all in toe.
I @replied Bruce and told him that I didn’t think TweeterGetter or Gary were “schemey” or “spammy,” but he was starting to look like it. If you’re going to remain followed by me, you can’t post “Visit TweeterGetter! Visit TweeterGetter!” all day long. You can’t post “Visit ANYTHING!” all day long. Throw a link my way? Sure! Pitch me your product? Without a doubt! I understand. Hit me over the head incessantly? Uh, no! And so, I told him.
Then his spam continued with crazy claims like, “Gary McCaffrey is getting 3 followers a second? Know how?…” and then of course a link to his TweeterGetter profile. This was upsetting for 2 reasons. First, it implied that Gary owed his followers to Bruce. Laughable, of course. Secondly, it’s just blatantly FALSE. And I told Bruce that, too! If Gary had been getting 3 followers a second that would equate to 10,800 follower PER HOUR. A total that Gary is now closing in on, but hasn’t quite reached yet. So, to be doing that type of “revenue” every hour is an astronomical exaggeration. My point in all this… marketing doesn’t bother me. Lies do!
Two other things that bother me are public slander and namecalling and then hypocritical uses of one standard which applies to some, but not all. This brings me back to both Bruce and you.
We’ll start with Bruce. First, I already outlined where Bruce had begun rubbing me the wrong way, and one of those ways was insulting you on MY blog. I wasn’t going to have any of that! That was the last straw for me. I quickly deleted his nasty comment to/about you, and then proceeded to wonder over to Twitter and remove my spammy “friend.”
Now with slander and namecalling we arrive here. I simply don’t appreciate you calling me a “shark,” a “wolf,” or allowing your readers to make homo-erotic suggestions about me (i.e. my “love” for Gary) especially in light of me making dang sure not to tolerate that conduct on my own blog. In fact, if you read my “love-fest” for Gary, you will see where even in those messages that I warned Gary that Bruce wasn’t helping his cause by making his exaggerated claims.
My disdain for double-standards is also addressed by my asking you that if your “beef” was about password theft, had you or did you plan on writing about the other services I mentioned. Maybe you don’t agree with my viewpoint/s, but you cannot deny that I have illustrated a clear linked chain for each and everyone of my thoughts, arguments, and rebuttals.
So in conclusion, my friend, let me say this… you can think what you want about me, and you’re certainly welcome to. BUT there is MORE THAN ENOUGH evidence (and an investigator, such as yourself, should be able to see that) that my stances are unbiased and not fueled by what is CONVENIENT for my own cause. Just look at how I have treated you and Bruce in this case. I consider myself to be a logical thinker, never quick to judge, fair, and and having a preference to dialog over theorizing.
So, man to man, I’d appreciate it if you don’t call me names, make accusations regarding my character, or “high-five” your readers when they do. Thank you and God bless. I have to stop typing now and head to church.
February 16th, 2009 at 2:23
Thanks JaceMan, for defending me from the fearsome Bruce. But honestly, you don’t have to. When someone makes derogatory remarks, it often betrays more about them than their intended target. Really, I’d prefer you put Bruce’s remarks back.
Anyone who knows anything about me will know that I detest censorship. That goes for Bruce’s remarks about me and my readers’ remarks about you.
Sometimes I will hold up approval of a new commenter who hasn’t identified themselves. But once they do that, they own the comment, not me. If you have a beef with one of my commenters, they have left their contact details.
Apologies if you thought I was calling you a shark or a wolf. The idea I was trying to briefly convey was that, in running with Mr McCaffrey, you and others are displaying pack-like behaviour.
And finally, thanks for commenting.
February 16th, 2009 at 2:25
I don’t honestly think that Gary McAffery is harvesting peoples Twitter logins, but this is exactly the thought that crossed my mind when I first saw it. I’m amazed at how many people willingly entered their Twitter logins on a service that was brand new, from someone that I had never heard of before. Maybe he is well known and trusted and I’ve just never heard of him?
Tweetdeck, Tweetlater and various other services/software that need your Twitter login have the same risk, but they were all much more widely known and recommended than this one, so I was a little less worried.
February 16th, 2009 at 3:18
Moderating and censorship aren”t the same thing.
From a technical stand point, I cannot restore Bruce’s comment. From an integrity stand point, I wouldn’t if I could. People are free to think and say whatever they please so long as it doesn’t infringe on the rights of another or bring them undue persecution or libel.
To be honest, when you say that your readers comments “belong to them” and that I am free to contact them, you aren’t taking responsibility or properly moderating your “property.” If this wasn’t a blog, but a brick-and-mortar business, and one of your other customers struck me, threatened me, or threw a beverage on me you would be liable for their conduct. To simply “shrug your shoulders” and pretend that it isn’t your responsibility is to actually ignore your responsibility.
To pitch in and join in the game, as you did, makes it even worse. To do so, and pretend you didn’t do it is simply sad. To say that I’m guilty by association for defending him, but to insinuate you weren’t actually calling me those things run contradictory to one another. Especially with a quick examination of your statement:
“Yep, predators often hunt in packs; sharks, wolves, internet marketing gurus like Jaceman and McCaffrey.”
You used the words: predator, shark, and wolf and then you said “like Jaceman and McCaffrey.” That is you DIRECTLY calling me those things not indirectly (which wouldn’t make any better, if it were indirect) and makes it hard for me accept your pretend apology.
I would accept an apology where you said, “I’m sorry I did that.” I can’t accept an apology that reads, “I’m sorry if you took it as…” “Sorry if you thought…” It’s not that I thought it, it’s that you said it, and your direct quote is above. “I’m sorry you felt..” and similar aren’t actual apologies, they mean, “I’m not admitting any wrongdoing, therefore I have nothing to apologize for.”
I must admit, I’m disappointed. Ironically, today’s sermon at church was about the topic of apologies and forgiveness. Crazy how life works, sometimes.
February 16th, 2009 at 4:25
JaceMan, you are quite right. I retract my apology.
My assessment of Mr McCaffrey’s activities (collection of usernames, akin to collection of e-mail addresses for use in later marketing campaigns) is very low. I would call it anti-social. By being his most vociferous supporter and sending him encouraging tweets, I see you as happy to tar yourself with his brush, run with his pack.
February 16th, 2009 at 7:17
I don’t think Bruce and especially McCaffery’s activities should be encouraged or defended whatsoever. It would be like encouraging the spread of a cancer that does nobody any good. Here’s just one example… On Facebook, one of the Twettergetter supporters sends me a message because I was in the same group as him. The message says this:
“I Have recently had a problem with facebook and lost all my contacts.
I am just wondering if you would be willing to add my new account to your friends please? Thanks for the help, it is really appreciated.”
I don’t even know this person, so I ignore it. Then I get another message titled:
HEY! Get 1000’s Of Legitimate New Twitter Followers On Autopilot! FREE - NO CATCH!
To members of Twitter Tweetaholics
“Hey check this out…
I just found this site that shows you a way of getting 1000’s of new followers
on twitter, I just started using it myself and its starting to work already.”
Then he gives his TwetterGetter link in the message. Of course these messages are unwanted spam, so I’m reporting this person to Facebook for spamming because I don’t want to SEE that spam. I view this as violating me and my time on Facebook with this crap. Of course he got his original Facebook account suspended - he’s a spammer. It’s just one example of how TweeterGetter doesn’t even appear to do anything other than spam and collect usernames/contacts for future spam marketing.
I’m still puzzled why people have forgotten the DM Twitter account hack that happened a few months back. Anyone who follows McCaffery has their DM door wide open to whatever self-serving crap at best he tries to push on people. Why people would want to be USED by someone like that is a complete mystery to me! Even more puzzling is why would anyone take time to defend or encourage those activities?!
February 16th, 2009 at 22:30
Hmm, I don’t think Tweeter Getter was set up for that reason. I use other apps like Tweet Later that require password as well… otherwise the app won’t work.
I do agree though it’s better to be safe than sorry and why not change your password if you choose to use the tool.
Here’s a point of view I shared elsewhere here and thought I’d mention it here as well:
I’ve added over 1000 Twitter followers and they’ve been good prospects as any… I’ve engaged in dialogue with them and think it’s a good tool.
I disagree that Tweeter Getter doesn’t add value, particularly for those who want to develop more relationships and are looking for some leverage and automation to accomplish it.
As long as you’re NOT spamming about it or being obnoxious… Promoting Tweeter Getter respectfully and mindfully isn’t a bad thing in and of itself.
Right now, we all have lots of people regularly choosing to follow us at Twitter. Most of us don’t mind. We rarely know the person who ads themselves to the list… we don’t know if they had a good reason to add themselves.
What matters is what we do after someone follows us on Twitter (and what the new follower does). If we engage in conversations, give value after they’re on our list, we are using Twitter how it was intended.
For these reasons, I suggest using it if you’re in business. I’ve written how to go about the correctly and successfully at my blog, which I think there will be a link to here with my name.
I think it’s better to be cautious so while I don’t think Tweeter Getter is run by a bad guy (chatted with him a bit recently seems transparent to me)… why not change password as you suggested just in case. But I’d still use the Tweeter Getter if you plan to do so correctly.
mike
February 17th, 2009 at 7:22
G’day Mike K,
I agree TweeterGetter has some slight value (particularly for people who don’t value relationships very highly).
However, if you use it, your Twitter username is going on a list operated by a mult-level-marketing spammer. Prepare for the inbound DM spamstorm.
Cheers — Mike
February 19th, 2009 at 0:03
Hey Mike,
You are right I did have you confused with the other guy. Either way it doesn’t matter. I unfollowed Tweetergetter and GaryMccaffrey. I didn’t want to be inundated, I just wanted to interact with a few more people who were looking for interaction. I found some good ones.
February 21st, 2009 at 0:52
Hi all, I’m relatively new to Twitter and therefore have very few followers as yet. I was tempted by Gary’s Tweeter-Getter tool and decided to go in for it and see how it went. I only got an extra half dozen followers from it, but all had one thing in common - they sent a link to one of their sales sites inviting me to buy their stuff. Needless to say, I have unfollowed all of them now. I listened to the video on You Tube entitled Tweeter-Getter Exposed! and heard Gary McCaffrey saying he usually followed those who followed him, however looking at his profile yesterday, I noticed he had 13,898 followers and was following just 122 of those. Looking at Twitter’s T&Cs, they investigate if a member gets a lot of “blocks”, so if all those who disapproved of McCaffrey’s pyramidal scheme, went to block him, then maybe Twitter will do just that.
I changed my password very quickly, so hopefully all McCaffrey has of mine is my username.
February 21st, 2009 at 23:56
Mike,
I kindly ask you to retract all your statements referring to me as a spammer and/or a password harvester. They are clearly blatantly libelous and without any factual basis whatsoever.
I don’t appreciate it and my next step will be contacting your web host to ask that they do something about it.
Thanks,
Gary.
February 22nd, 2009 at 1:21
G’day Gary,
Thanks for stopping by and leaving this threat.
Cheers — Mike
February 22nd, 2009 at 4:48
Here’s the thing, my new friend, Mike…
First, I’ve decided, for my own reasons, not to say any more about TG.
About the topic of Free Speach, however, I want to make a couple important points.
Free Speach has just a few limitations.
One of those limitations is: Making false statements about someone which harms them, or impunes their reputation.
The fact is…. Gary has never sent a spam.
And Gary does not collect (”harvest”) passwords. Stating that he does, is a damaging false statement.
The legal term for this is, “slander”.
I am NOT name-calling here. It is a legal term. Please everyone, may I refer you to dictionary.com before you get upset…?
My point: Making harmful statements about people, which are untrue (i.e. you cannot prove to be true) is walking on very dangerous legal territory. ……not to mention, much MORE unethical than even spamming is.
As I tell everyone: if you publish a blog, like it or not, you are a journalist. BE A RESPONSIBLE JOURNALIST. You’d better be very very sure that your “facts”, are really facts…. ESPECIALLY when those statements could harm someone’s reputation.
Either that, or have an expensive legal team standing by….. ready to pull you out of the hot water you might find yourself in.
Regardless of this particular case, I ask everyone: Which is a more serious “crime” (civil offense) - spam or slander….?
February 22nd, 2009 at 9:32
[…] of them are fine! Like friend of The Droid Mike Fitz. Mike postulates that tweetergetter is a password harvester >> I know McCaffrey is a D-Bag so it wouldn’t surprise >> If he has harvested […]
February 22nd, 2009 at 14:15
Bruce,
Thanks for the great advice! I know whenever I have a question that concerns International Law and Free Speech I turn to dictionary.com.
How could that possibly fail??
And even dictionary.com knows that slander is for ORAL UTTERANCES >> not published ones. You talk too much for one who knows too little.
February 23rd, 2009 at 1:08
Libel and Slander go hand-in-hand… like Twitter and IM… same idea, different medium.
“You talk too much for one who knows too little.”
February 25th, 2009 at 1:20
The first person I saw tweet about “tweetergetter” (seriously, twitter wasn’t a dumb enough name?) was one of the most despicable human beings it has ever been my displeasure to come across on the web. A guy who, LITERALLY, revelled in the idea of my children getting decapitated in a car accident. Admittedly, that being my first experience with the ’site colored it somewhat for me, but in the following days and, yes, in this blog, I have not seen ANYTHING to dissuade me from the opinion that tweetergetter is, at best, a scam to gain you large (and in most cases that I’ve seen, not even THAT large) amounts of followers who could not care less about you or what you are tweeting. If you want real, honest human interaction, follow and be followed by people you are interested in. If you want a big group of people/bots to spam to and be spammed by…..tweetergetter seems like a great idea to me!
Long story short, if I see a Tweetergetter ReTweet….Automatic Unfollow.
September 1st, 2009 at 18:55
[…] TweeterGetter? Twitter Password Harvester! « MikeFitz with overflow bit set… mike.brisgeek.com/2009/02/14/tweetergetter-twitter-password-harvester – view page – cached In the past three days, tens of thousands of Twitter users have visited tweetergetter.com and subscribed to its promise of 19,530 new followers in 30 days. They are signing up in droves. A Twitter search for “tweetergetter” shows them all rolling in. — From the page […]