• Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Home
  • About Darknet
  • Hacking Tools
  • Popular Posts
  • Darknet Archives
  • Contact Darknet
    • Advertise
    • Submit a Tool
Darknet – Hacking Tools, Hacker News & Cyber Security

Darknet - Hacking Tools, Hacker News & Cyber Security

Darknet is your best source for the latest hacking tools, hacker news, cyber security best practices, ethical hacking & pen-testing.

Twitter Major Password Reset After Phishing Attack

February 3, 2010

Views: 6,706

[ad]

Twitter has come under attack fairly frequently in recent months, which is not surprising considering the explosive growth of the platform and the sheer number of users it has.

If you are a Twitter use you may have noticed many people had their password reset automatically yesterday, Twitter today announced the reason for this on their status site here:

Reason #4132 for Changing Your Password

It’s a fairly intricate scam where someone has spent a lot of time effort and exhibited patience in harvesting all of these accounts.

Officials at Twitter linked the resetting of passwords to a malicious Torrent sites and other schemes. According to Twitter, the company began its investigation after noticing a surge in followers for certain accounts during the past five days. Twitter revealed more details about the phishing attacks that caused the company to reset the passwords on some user accounts today.

According to Twitter Director of Trust and Safety Del Harvey, there was a sudden surge in followers for certain accounts during the last five days. For that reason, the company decided to push out a password reset to the accounts, he said. After launching an investigation, Twitter officials linked part of the problem to malicious torrent sites.

“It appears that for a number of years, a person has been creating torrent sites that require a login and password as well as creating forums set up for torrent site usage and then selling these purportedly well-crafted sites and forums to other people innocently looking to start a download site of their very own,” Harvey blogged. “However, these sites came with a little extra — security exploits and backdoors throughout the system. This person then waited for the forums and sites to get popular and then used those exploits to get access to the username, email address, and password of every person who had signed up.”

The main crux of the story is, if you’ve signed up for any 3rd party private torrent trackers or forums, you’d better go and change your e-mail address and password there. Especially if you were stupid enough to use the same password you use for other sites (such as Twitter).

The trend seems to be continuing with people using the same username, e-mail and password (or at least a variation of the same password) across multiple sites.

I’m pretty sure however, everyone reading this site doesn’t do that as we are fully aware of the danger involved.

“Additional exploits to gain admin root on forums that weren’t created by this person also appear to have been utilized; in some instances, the exploit involved redirecting attempts to access the forums to another site that would request log-in information,” he continued. “This information was then used to attempt to gain access to third party sites like Twitter.”

Harvey stated that Twitter has not identified all of the torrent forums involved, but urged anyone who has signed up for one built by a third party to change their password there.

“The takeaway from this is that people are continuing to use the same email address and password (or a variant) on multiple sites,” he blogged. “Through our discussions with affected users, we’ve discovered a high correlation between folks who have used third party forums and download sites and folks who were on our list of possibly affected accounts.”

Not all of the accounts affected were linked to Torrent sites, Harvey added. Earlier today, a Twitter spokesperson told eWEEK that some users had signed up for “get followers fast schemes.”

I see a LOT of people on Twitter falling for these “Get followers fast” or “Get 1000 followers NOW” schemes which require them to give their login credentials to 3rd party sites.

Of course after that the sites use their account to send spam DMs or tweets and often end up in the user account getting locked for spamming.

This of course follows the Twitter DM Phishing Scam and the time the SSL Renegotiation Bug was used on Twitter.

Darknet is on Twitter, if you wish to follow us you can do so here: http://www.twitter.com/THEdarknet

Source: eWeek

Related Posts:

  • Privacy Implications of Web 3.0 and Darknets
  • An Introduction To Web Application Security Systems
  • MyEtherWallet DNS Hack Causes 17 Million USD User Loss
  • TeamViewer Hacked? It Certainly Looks Like It
  • Massive Yahoo Hack - 500 Million Accounts Compromised
  • HTTrack - Website Downloader Copier & Site Ripper Download
Share
Tweet
Share
Buffer
WhatsApp
Email
0 Shares

Filed Under: Phishing, Privacy, Web Hacking Tagged With: hacking twitter, Password Cracking, password-hacking, Phishing, scams, twitter, twitter hacking, twitter phishing, twitter security, web-security



Reader Interactions

Comments

  1. Mike says

    February 6, 2010 at 6:53 pm

    “I

Primary Sidebar

Search Darknet

  • Email
  • Facebook
  • LinkedIn
  • RSS
  • Twitter

Advertise on Darknet

Latest Posts

Defending Against Malicious Botnets in 2025 Automated Traffic Threats and Mitigation

Defending Against Malicious Botnets in 2025 Automated Traffic Threats and Mitigation

Views: 175

Automated internet traffic will now overtake human activity, presenting sophisticated cyber threats … ...More about Defending Against Malicious Botnets in 2025 Automated Traffic Threats and Mitigation

TREVORspray - Credential Spray Toolkit for Azure, Okta, OWA & More

TREVORspray – Credential Spray Toolkit for Azure, Okta, OWA & More

Views: 342

TREVORspray is a purpose-built password spraying utility designed for red teams and offensive … ...More about TREVORspray – Credential Spray Toolkit for Azure, Okta, OWA & More

Force Push Scanner - Hunt GitHub Dangling Commits for Leaked Secrets

Force Push Scanner – Hunt GitHub Dangling Commits for Leaked Secrets

Views: 349

Force Push Scanner is an offensive security tool that identifies secrets inadvertently left in … ...More about Force Push Scanner – Hunt GitHub Dangling Commits for Leaked Secrets

Emerging Darknet Marketplaces of 2025 Anatomy Tactics & Trends

Emerging Darknet Marketplaces of 2025 Anatomy Tactics & Trends

Views: 5,484

Darknet marketplaces remain central to illicit trade in 2025, with evolving business models, payment … ...More about Emerging Darknet Marketplaces of 2025 Anatomy Tactics & Trends

Caracal - Rust eBPF Rootkit for Stealthy Post-Exploitation

Caracal – Rust eBPF Rootkit for Stealthy Post-Exploitation

Views: 519

Caracal is a new Rust-based eBPF (extended Berkeley Packet Filter) rootkit that provides a stealth … ...More about Caracal – Rust eBPF Rootkit for Stealthy Post-Exploitation

Windows_EndPoint_Audit - Endpoint Security Auditing Toolkit

Windows_EndPoint_Audit – Endpoint Security Auditing Toolkit

Views: 575

Windows_EndPoint_Audit from ITAuditMaverick introduces a powerful method for offensive security … ...More about Windows_EndPoint_Audit – Endpoint Security Auditing Toolkit

Topics

  • Advertorial (28)
  • Apple (46)
  • Cloud Security (2)
  • Countermeasures (231)
  • Cryptography (84)
  • Dark Web (1)
  • Database Hacking (89)
  • Events/Cons (7)
  • Exploits/Vulnerabilities (432)
  • Forensics (65)
  • GenAI (4)
  • Hacker Culture (9)
  • Hacking News (231)
  • Hacking Tools (688)
  • Hardware Hacking (82)
  • Legal Issues (179)
  • Linux Hacking (74)
  • Malware (240)
  • Networking Hacking Tools (353)
  • Password Cracking Tools (105)
  • Phishing (41)
  • Privacy (219)
  • Secure Coding (119)
  • Security Software (236)
  • Site News (51)
    • Authors (6)
  • Social Engineering (37)
  • Spammers & Scammers (76)
  • Stupid E-mails (6)
  • Telecomms Hacking (6)
  • UNIX Hacking (6)
  • Virology (6)
  • Web Hacking (384)
  • Windows Hacking (170)
  • Wireless Hacking (45)

Security Blogs

  • Dancho Danchev
  • F-Secure Weblog
  • Google Online Security
  • Graham Cluley
  • Internet Storm Center
  • Krebs on Security
  • Schneier on Security
  • TaoSecurity
  • Troy Hunt

Security Links

  • Exploits Database
  • Linux Security
  • Register – Security
  • SANS
  • Sec Lists
  • US CERT

Footer

Most Viewed Posts

  • Brutus Password Cracker Hacker – Download brutus-aet2.zip AET2 (2,333,816)
  • Darknet – Hacking Tools, Hacker News & Cyber Security (2,173,359)
  • Top 15 Security Utilities & Download Hacking Tools (2,096,839)
  • 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) (1,199,813)
  • Password List Download Best Word List – Most Common Passwords (933,804)
  • wwwhack 1.9 – wwwhack19.zip Web Hacking Software Free Download (776,476)
  • Hack Tools/Exploits (673,480)
  • Wep0ff – Wireless WEP Key Cracker Tool (530,461)

Search

Recent Posts

  • Defending Against Malicious Botnets in 2025 Automated Traffic Threats and Mitigation July 16, 2025
  • TREVORspray – Credential Spray Toolkit for Azure, Okta, OWA & More July 14, 2025
  • Force Push Scanner – Hunt GitHub Dangling Commits for Leaked Secrets July 11, 2025
  • Emerging Darknet Marketplaces of 2025 Anatomy Tactics & Trends July 9, 2025
  • Caracal – Rust eBPF Rootkit for Stealthy Post-Exploitation July 7, 2025
  • Windows_EndPoint_Audit – Endpoint Security Auditing Toolkit July 4, 2025

Tags

apple botnets computer-security darknet Database Hacking ddos dos exploits fuzzing google hacking-networks hacking-websites hacking-windows hacking tool Information-Security information gathering Legal Issues malware microsoft network-security Network Hacking Password Cracking pen-testing penetration-testing Phishing Privacy Python scammers Security Security Software spam spammers sql-injection trojan trojans virus viruses vulnerabilities web-application-security web-security windows windows-security Windows Hacking worms XSS

Copyright © 1999–2025 Darknet All Rights Reserved · Privacy Policy