As someone asked in the comments of the article asked (no response yet), I'm curious myself...
> "twimg.com is a domain used by Twitter which is an widget company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Does that not mean that SEA will be intercepting this data?"
Couldn't they do this with any of the sites that they modify? That's what I am sort of wondering about, sure you could redirect the homepage to something dumb, and make it really obvious that the site has been attacked. But, it seems like they could have similarly done a man-in-the-middle and sucked up tons of data silently, without throwing up any big red flags.
> "twimg.com is a domain used by Twitter which is an widget company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Does that not mean that SEA will be intercepting this data?"