No, we don't "heart" it. Hundreds of Twitter accounts were hijacked and used to spread spam for several hours last night (Apr. 23). The issue appears to have originated from WeHeartIt.com, a social photosharing website that lets users connect their Twitter accounts.
The spam tweets read "If I didn't try this my life wouldn't have changed," and contained links to a Web page touting a "miracle diet pill" called Garcinia Cambogia. The page was designed to look like the magazine Women's Health, but the URL revealed that it was a fake.
The "diet pill" is definitely fake, but experts say it's possible spam link might also contain malware as well. Translation: Do not click on it. Most of the spam Tweets, particularly at the beginning of the deluge, contained a "via weheartit.com" tag, suggesting that the social networking site was the source of the spam. However, some of the later tweets were tagged as being sent via other apps such as Twitter for iPhone.
It appears that the cyberattack originated at WeHeartIt, and because the site has such a direct connectivity to Twitter the spammers were able to connect to that site as well, which gave them a much bigger platform for their spam campaign.
The spam stopped late last night, after WeHeartIt disabled its Twitter sign-in and sharing functions. WeHeartIt now says the issue has been resolved. Nevertheless, people who use WeHeartIt and sign in to the service with their Twitter accounts should change both passwords, just in case the login credentials for one or both services have been compromised.