Oh wow, it’s fake and suspicious…

Last Monday, roaming around at my office, some of my colleagues showed me a website that has a similar look with Path.com and also exact Path logo on the website, web layout is pretty neat too, some of my friends even say that PathWebsite is for exclusive path users only. I dunno how the PathWebsite team could trick people in that way.

After you logged in to the website, surprisingly you will see your path timeline… hmm dunno how they did it, AFAIK as a developer who wants to have their app connected to Path Api services, they should have had officially partnered with Path.com such as NikeRun and WordPress. The illegal way accessing Path data is by “byPass”-ing Path server with its user credential. It’s mean that Path has a hole on their server which lets some people hacking to get user data without Path Offical API.

My suggestion for you who had registered your account on that site is to change your credential immediately, at least that is what you can do for now. Just hope that they don’t do anything illegal with your credential.