Twitter phishing attacks linked to torrent sites
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.People using the same email address and password on multiple sites have again been cautioned against doing so. Twitter recently discovered phishing attacks on its site have been strongly linked to the use of forums on torrent sites.
Social networking site Twitter came under fire earlier this week for forcing users to change their passwords without providing them with a full explanation for the request.
The full explanation from Twitter arrived on Tuesday February 2 and quickly spread across the internet. Twitter discovered that the majority of users who had their passwords stolen and their Twitter accounts compromised had also signed up to websites hosting torrent files - either by providing their password and email address when signing up for the site or by submitting the information in order to participate on user forums attached to the site.
"It appears that for a number of years, a person has been creating torrent sites that require a login and password as well as creating forums set up for torrent site usage and then selling these purportedly well-crafted sites and forums to other people innocently looking to start a download site of their very own," wrote Del Harvey, Director of Trust and Safety at Twitter on the Twitter Status site on February 2.
"[T]hese sites came with a little extra - security exploits and backdoors throughout the system," he added. "This person then waited for the forums and sites to get popular and then used those exploits to get access to the username, email address, and password of every person who had signed up. Additional exploits to gain admin root on forums that weren't created by this person also appear to have been utilized; in some instances, the exploit involved redirecting attempts to access the forums to another site that would request log-in information. This information was then used to attempt to gain access to third party sites like Twitter."
Twitter advises users, especially those that have used the same email address and password (or a variant that can be easily determined), to change their Twitter password.
http://status.twitter.com/post/367671822/reason-4132-for-changing-your-password
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments