First Reports of Google Reader Spam Injection?

Feb 21, 2008 • 8:04 am | Filed Under Other Google Topics
 

A couple of active Google Reader users have reported in a Google Groups thread that someone or something is injecting spam into their daily reading. It is hard to determine how this is being done at this point, since the reports are very new. Here are two of those reports:

How are these people's blogs showing up in my reader that I haven't added to my subscriptions? Lots of Ads or people I just don't know.

I am having a similar problem.

In my iGoogle homepage I have a widget (taken from Google Reader, I think?) that allows me to see my feeds. I am seeing a feed from something called "best pics around." This now is flooding the widget so that I no longer see any of my other feeds.

However, when I go to my Reader there is no sign of this feed and I see my other feeds as normal, but therefore I am unable to unsubscribe from this feed. I have no Friends shared items and I am logged in to my account.

Google Reader Guide asks the first user a few questions: whether he/she is on a public computer, and whether he/she is indeed logged into his/her own account and not someone else's. Maybe he/she is seeing items from the "Friends' shared items" feature that was launched recently? But I don't think any of those suggestions apply. The second report came in afterward, and I doubt it was the same case.

I personally tested my account and it was clean of pictures and spam.

But what are other possibilities?

  • Someone hacked into their accounts and added the content
  • Their computer was infected and injected with this content
  • They visited a page that somehow automatically added subscriptions to their Google Reader accounts
  • Google Reader was indeed spammed somehow?

Forum discussion at Google Groups.


Comments:

LucasOman

02/21/2008 08:03 pm

It does seem that this would be easy to do using XSRF. So many people (like myself) remain logged into their Google Reader account all day, every day, that it would be easy to phish for opportunities.

Tiago Faria

05/15/2008 07:57 pm

Indeed. I have a screenshot of someone who was able to display something that looked like it was coming from my weblog. The technique used must be the same. I'm interested in knowing how this could be done, though.
