TwitViewer, a Twitter service that promotes itself as allowing users to “know who’s stalking you on Twitter” is a phishing scam according to a note sent out by Twitter today.
TwitViewer claims to provide a list of Twitter users who have visited your profile, but asks for Twitter login details to gain access. Once handing over details, TwitViewer then spams your contacts with a link to the site and the message “Want to know whos stalking you on Twitter?” Beyond the spam sent upon signing up, it’s not clear what the people behind the site intended to use the login details for, although sending commercial spam would be the most likely reason.
Twitter advises that “If you gave your login and password info to TwitViewer, we strongly suggest you change your password now” and the site has also been added by Google to a list of known phishing sites so that users of modern browsers with anti-phishing support get a warning message when trying to view the site.
If you have used TwitViewer previously, it goes without saying that you should follow Twitter’s advice immediately. It should also be noted that this TwitViewer is at TwitViewer.net; the service on the same name at TwitViewer.com is not related to the phishing scam.
Update: TwitViewer appears to be down, with a message on the site reading “Don’t know why all this happened but were shutting down… may be back up on another domain.”