Twitter has seen its fair share of phishing attempts and it has thwarted quite a few. But there is a new vector that attackers are using now and they are targeting Twitter once again. There was a large scale phishing scam that was going on within various torrent sites and forums and it came to the attention of the Twitter security team as an anomaly. Some users had an abnormally high number of followers. And worst part was that these torrent site owners have/had no clue that this was happening through their sites.
Twitter recently revealed that after probing into the matter, they found out that an someone has been making torrent sites that are locked down and need login credentials in order to be used. Whilst this is nothing new, it turns out that these specific sites had major security holes built into them deliberately, so that user credentials could be transmitted to the original author/s.
These sites were then sold to unsuspecting webmasters, who set about running it just like they would. Now, torrent sites have always had a bad name for being dangerous areas of the Internet but this has been a completely new way to exploit such sites. Usually it is all about malware authors (and the copyright police) uploading dangerous and/or useless torrents that can infect your system and compromise it. The login credentials harvested in this manner allowed the perpetrator/s to access thousands of accounts on twitter and exploit that for commercial gains.
![phishing-scam-twitter [not funny when your account is compromised]](http://www.mytechmix.com/wp-content/uploads/2010/02/phishing-scam-twitter.jpg "phishing-scam-twitter [not funny when your account is compromised]")
Once the Twitter security team detected these abnormalities, they immediately set about resetting the passwords of all accounts that were following these suspicious accounts. The suspicious accounts were of course deleted. This move however caused some widespread confusion amongst the many Twitter users who had their password reset. That’s mainly because most people check twitter before they check their email and many use third-party clients to access twitter on a variety of platforms.
Twitter has announced that they wanted to make this public so that the users can be aware of the situation and take better online safety precautions. For starters, it is always a good idea to keep your password for high-risk websites like torrent sites and high-priority websites like twitter and Facebook absolutely separate. Try not to use your email and social networking passwords anywhere else and be careful about where you use your password, especially with many sites allowing twitter and facebook logins to access their services and content.
Related posts:
- Twitter Engineer Talks About “Nifty” New Features, Causes Third-Party Devs To Worry
- Google’s Newest Foray Into Social Networking Is Called Buzz, It’s In Your Gmail
- Dream House? Check Out These 7 Sites for Wow-Worthy Home Improvement Ideas
- SpeedyFox – A Pathway to Enhance Your Net Surfing
- HootSuite Releases Apps For Android, Updates iPhone App
0 Response to “Twitter Scam On Torrent Sites Revealed, Password Reset Explained”