Twitter has come under attack fairly frequently in recent months, which is not surprising considering the explosive growth of the platform and the sheer number of users it has.
If you are a Twitter use you may have noticed many people had their password reset automatically yesterday, Twitter today announced the reason for this on their status site here:
Reason #4132 for Changing Your Password
It’s a fairly intricate scam where someone has spent a lot of time effort and exhibited patience in harvesting all of these accounts.
Officials at Twitter linked the resetting of passwords to a malicious Torrent sites and other schemes. According to Twitter, the company began its investigation after noticing a surge in followers for certain accounts during the past five days. Twitter revealed more details about the phishing attacks that caused the company to reset the passwords on some user accounts today.
According to Twitter Director of Trust and Safety Del Harvey, there was a sudden surge in followers for certain accounts during the last five days. For that reason, the company decided to push out a password reset to the accounts, he said. After launching an investigation, Twitter officials linked part of the problem to malicious torrent sites.
“It appears that for a number of years, a person has been creating torrent sites that require a login and password as well as creating forums set up for torrent site usage and then selling these purportedly well-crafted sites and forums to other people innocently looking to start a download site of their very own,” Harvey blogged. “However, these sites came with a little extra — security exploits and backdoors throughout the system. This person then waited for the forums and sites to get popular and then used those exploits to get access to the username, email address, and password of every person who had signed up.”
The main crux of the story is, if you’ve signed up for any 3rd party private torrent trackers or forums, you’d better go and change your e-mail address and password there. Especially if you were stupid enough to use the same password you use for other sites (such as Twitter).
The trend seems to be continuing with people using the same username, e-mail and password (or at least a variation of the same password) across multiple sites.
I’m pretty sure however, everyone reading this site doesn’t do that as we are fully aware of the danger involved.
“Additional exploits to gain admin root on forums that weren’t created by this person also appear to have been utilized; in some instances, the exploit involved redirecting attempts to access the forums to another site that would request log-in information,” he continued. “This information was then used to attempt to gain access to third party sites like Twitter.”
Harvey stated that Twitter has not identified all of the torrent forums involved, but urged anyone who has signed up for one built by a third party to change their password there.
“The takeaway from this is that people are continuing to use the same email address and password (or a variant) on multiple sites,” he blogged. “Through our discussions with affected users, we’ve discovered a high correlation between folks who have used third party forums and download sites and folks who were on our list of possibly affected accounts.”
Not all of the accounts affected were linked to Torrent sites, Harvey added. Earlier today, a Twitter spokesperson told eWEEK that some users had signed up for “get followers fast schemes.”
I see a LOT of people on Twitter falling for these “Get followers fast” or “Get 1000 followers NOW” schemes which require them to give their login credentials to 3rd party sites.
Of course after that the sites use their account to send spam DMs or tweets and often end up in the user account getting locked for spamming.
This of course follows the Twitter DM Phishing Scam and the time the SSL Renegotiation Bug was used on Twitter.
Darknet is on Twitter, if you wish to follow us you can do so here: http://www.twitter.com/THEdarknet
Source: eWeek
“I