When's the last time you gave out your username and password for something crucial to a random web service? That's what a lot of people have been doing with Twply.com. The site asks you for your username and password, and then promises to send any @replies that you get on Twitter to your email account. However, it'll also spam its own URL across your Twitter account - "Just started using http://twply.com/ to get my @replies via email. Neat stuff!". That means they've got a big database of Twitter usernames and passwords, ripe for spamming. I wonder what could happen if they got bought by someone without a conscience... Oh, wait. If you've used the site, now would be a great time to go change your password. If you've not, then remember basic security advice. If you're not sure about giving out your username and password to a website, then don't do it. Have you got any tales of Web 2.0 privacy woe? I want to hear them. Drop me a comment below. Oh, and for a service which does the same thing without asking for your password, try replies.twittapps. Twply (via Helloform) Related posts: Twitterer liveblogs his own plane crash | Evening Standard fails in its meagre attempts to understand Twitter