03 February 2010 | Author: J. Morton News Editor
After once again becoming the target of malicious individuals on the web, Twitter has reset all accounts affected by a phishing scam perpetrated by phony torrent sites.
According to a blogpost by Twitter, the company suspects file-sharing torrent sites of compromising users' login details. Specifically, it believes several torrent sites - designed by one person or one group of people and sold to enterprises looking to establish their own download site - that require login details, have been exploiting users' propensity to share email/password combinations across multiple sites.
"[The designer of the sites] waited for the forums and sites to get popular and then used those exploits to get access to the username, email address, and password of every person who had signed up," the company said, citing systems rife with "security exploits and backdoors throughout" facilitating the theft.
As users - against the warnings of web security experts - often share login details across many different websites, the rogue programmer may have used the sensitive information to log in to third party sites, the company said.
This news comes on the heels of security firm Sophos' annual threat report, which assesses past breaches in Internet security and forecasts for the year ahead. A survey conducted for the report identifies social networking sites as the prime source for concern over corporate web activity.
Though Facebook garnered the highest amount of contempt, Twitter was listed as third, following MySpace, according to Sophos.
Twitter said: "We haven't identified all of the forums involved (nor is it likely that we'll be able to, since we don't have any connection with them), but as a general rule, if you've signed up for a torrent forum or torrent site built by a third party, you should probably change your password there."
Password reset requests were sent to anyone thought to be targeted, and the popular social site also encouraged users to select unique passwords and user names for each site they join.
Twitter resets targeted accounts after phishing scam
After once again becoming the target of malicious individuals on the web, Twitter has reset all accounts affected by a phishing scam perpetrated by phony torrent sites.According to a blogpost by Twitter, the company suspects file-sharing torrent sites of compromising users' login details. Specifically, it believes several torrent sites - designed by one person or one group of people and sold to enterprises looking to establish their own download site - that require login details, have been exploiting users' propensity to share email/password combinations across multiple sites.
"[The designer of the sites] waited for the forums and sites to get popular and then used those exploits to get access to the username, email address, and password of every person who had signed up," the company said, citing systems rife with "security exploits and backdoors throughout" facilitating the theft.
As users - against the warnings of web security experts - often share login details across many different websites, the rogue programmer may have used the sensitive information to log in to third party sites, the company said.
This news comes on the heels of security firm Sophos' annual threat report, which assesses past breaches in Internet security and forecasts for the year ahead. A survey conducted for the report identifies social networking sites as the prime source for concern over corporate web activity.
Though Facebook garnered the highest amount of contempt, Twitter was listed as third, following MySpace, according to Sophos.
Twitter said: "We haven't identified all of the forums involved (nor is it likely that we'll be able to, since we don't have any connection with them), but as a general rule, if you've signed up for a torrent forum or torrent site built by a third party, you should probably change your password there."
Password reset requests were sent to anyone thought to be targeted, and the popular social site also encouraged users to select unique passwords and user names for each site they join.
English
German/Deutsch
Norwegian/Norsk
Swedish/Svenska
Italian/Italiano
French/Français
Spanish/Español
Latest News
Group sues over Google privacy policy changes
Google pays users to give up their privacy
Yahoo Chairman Roy Bostock steps down
Google introduces Chrome for Android
Apple warns appayola-using app-makers
Deleted photos live on in Facebook servers
Ofcom caps broadband and phone line prices
RSS News Feeds
Related Articles
