Something called “Twitterank” has been #1 on Twitter’s trending topics for much of the afternoon, and a flurry of tweets have been coming across along the lines of “my twitterank is 30.35!” with a link to an individual page for each user on a crudely designed website. While the site doesn’t give any real details as to what the number means, users have been handing over their credentials in mass to get the latest peek at what their Twitter popularity might be. Bad idea.

Word is now spreading that the site is a might be a phishing scam, setup for the sole purpose of stealing Twitter usernames and passwords. Fortunately, the developer apparently isn’t doing it for malicious purposes. ZDNet seems to have identified the person behind Twitterank, who tweeted this evening “Twitterank is a vast conspiracy I created to steal all of ur passwords + shame Twitter into OAuthing. + make u look vain.” (Update 4:30pt: This person is *not* the developer of Twitterank, but rather a Tweet that ZDNet picked up on to highlight the potential security issue)

In other words, this might just be a high profile prank to bring attention to a security vulnerability in Twitter. And at the same time, make a whole lot of people look very foolish for handing over their usernames and passwords just to see a silly numerical ranking that has no meaning.

We’re still trying to pin down a few more details on Twitterank, but in the meantime sound off in the comments and let us know if you got suckered or know more about the app.

Update (4:55PT): The blog linked to from the Twitterank site has been updated. The author writes, "No, I am not a phisher. I don’t even store your password. Your password gets used once to calculate your Twitterank, and is never stored on disk or any other permanent storage device. Having said that, people do need to be more careful about giving away their account information. I’m not evil, but the next guy might be."