A good rule of thumb is that if a random website tries to trick you into giving it access to your Twitter account in order for you to watch a video titled “Baby Poops In His Onesie, But Dog’s Response Leaves Millions Of People In Hysterics,” you shouldn’t do it. You absolutely should not do it.
We should not have to tell you to do this. It should be something you assume is a bad idea, and based purely on your ability to assess the situation and make the correct choice, not do.
Yet numerous Twitter users did just that this week, including Mother Jones editor in chief Clara Jeffery, New York Times literary critic Dwight Garner, Fox News pundit Brit Hume, and bellowing colonial throwback John Bolton. The culprit appears to be a website using the URL “http://trending-twitter.video,” which shows previews of videos and redirects users to authorise an official-looking “Twitter Video” app when they click.
Once the app is authorised on an account, it begins spamming links to the site—starting with the video the user originally fell for, which in many cases appeared to have been the pooping baby.
This is essentially a form of phishing, though similarly malicious apps have been a problem on Twitter as far as I can remember. The only thing that’s truly noteworthy about this wave is the number of accounts it seems to have affected and the video in question, which is a particularly embarrassing way to be outed as someone who likes watching babies poop on dogs or whatever.
"Baby Poops In His Onesie" lol its got Bolton and Brit Hume. pic.twitter.com/oHb37h3hop
— Trump's Friend Jim (@YanceyMc) December 11, 2017
PSA: don't auth in to that "baby poops his onesie" video because it's autotweteing from your account lol
— ಠ_ಠ (@MikeIsaac) December 12, 2017
Baby Poops In His Onesie, But Dog’s Response Leaves Millions Of People In Hysterics use code “coolestbrian” when signing up for hq
— brian feldman (Michael Clayton is on Netflix) (@bafeldman) December 12, 2017
If anyone gets a "Baby poops in his onesie" tweet from me let me know. I did NOT send it. PPls twitter accts are either hijacked or ghosted.
— RiddleMeThis (@DjMcDougle01) December 11, 2017
Hume is particularly confused as to why this keeps happening to him, of all people, though no one should feel obligated to help him out.
Image: Screengrab via Twitter
Again, you really should never, ever let random viral video websites log into your Twitter account. Authorising the “Twitter Video” app, for example, gave it and its creators not only the ability to read users’ timelines and post tweets for them, but “Access your direct messages.” If you do get caught by this type of scam, it’s easy to navigate to the Applications section in settings and revoke any individual app’s permissions in just a few clicks.
Twitter appears to have kicked this particular app to the curb, as going to the site and clicking the option to view the video now returns an authentication error.
Image: Screengrab via trending-twitter.video