Twitter phishing attacks linked to torrent sites

Click to follow
The Independent Online

People using the same email address and password on multiple sites have again been cautioned against doing so. Twitter recently discovered phishing attacks on its site have been strongly linked to the use of forums on torrent sites.

Social networking site Twitter came under fire earlier this week for forcing users to change their passwords without providing them with a full explanation for the request.

The full explanation from Twitter arrived on Tuesday February 2 and quickly spread across the internet. Twitter discovered that the majority of users who had their passwords stolen and their Twitter accounts compromised had also signed up to websites hosting torrent files - either by providing their password and email address when signing up for the site or by submitting the information in order to participate on user forums attached to the site.

"It appears that for a number of years, a person has been creating torrent sites that require a login and password as well as creating forums set up for torrent site usage and then selling these purportedly well-crafted sites and forums to other people innocently looking to start a download site of their very own," wrote Del Harvey, Director of Trust and Safety at Twitter on the Twitter Status site on February 2.

"[T]hese sites came with a little extra - security exploits and backdoors throughout the system," he added. "This person then waited for the forums and sites to get popular and then used those exploits to get access to the username, email address, and password of every person who had signed up. Additional exploits to gain admin root on forums that weren't created by this person also appear to have been utilized; in some instances, the exploit involved redirecting attempts to access the forums to another site that would request log-in information. This information was then used to attempt to gain access to third party sites like Twitter."

Twitter advises users, especially those that have used the same email address and password (or a variant that can be easily determined), to change their Twitter password.