Twitter Reveals Phishing Attacks, Resets User Passwords

There's been news that many Twitter users had their passwords reset earlier this week and now we've got the actual story behind it.

It appears that a mysterious website developer had pulled out a scam which resulted in a lot of Twitter log in details being stolen. Twitter's director of trust and safety, Del Harvey had explained it in his latest blog post: “It appears that for a number of years, a person has been creating torrent sites that require a login and password as well as creating forums set up for torrent site usage and then selling these purportedly well-crafted sites and forums to other people innocently looking to start a download site of their very own. However, these sites came with a little extra — security exploits and backdoors throughout the system”.

The flaws left by the creator of these websites allowed them to gain access to the users' login details on the particular website. These details were then used to access people's other online accounts which used the same username and password.

Twitter's suspicion was raised by the odd activity on some accounts which had experienced a sudden increase in the number of followers. This was followed by Twitter's security investigation which had revealed that users following the suspicious accounts have most likely been victims of the scam.

However, although Twitter was nos able to identify all of the forums and websites that took advantage of the exploits left by their creator, it had sent the password reset requests to all of the users which were suspected of being the victims of this fraud. Moreover, Twitter also suggested that their users should be aware of the dangers of using the same username and password on different sites. In case it falls into the wrong hands with the help from one website it would allow online scammers to gain access to the other accounts using the same login data.

"We felt that it was important to put this knowledge out there so that users would know of the possibility of compromise of their data by a third party unrelated to their Twitter account. We strongly suggest that you use different passwords for each service you sign up for", Harvey added.

More Phishing news

Top 15 Most Abused TLDs in February 2010

Avira recently released report about the most abused TLDs in February 2010. The main difference noticeable from January is that the .ru domain were used 64% often that January. This factor was the reason that .ru domains ended on the 3rd place in this top 15 (see the list below). Phishing (top level domains, %):1) .com 46.20 2) Others 11.27 3) .ru 9.92 4) .org 6.24 5) .net 5.276) IP Address 4.167) .kr 4.00 8) .cz 3.76 9) .uk 2.3710) .fr 1.6711) .pl 1.1712) .info 1.12 13) .de 1.0314) . Read more.

• Twitter Phishing Attack
• Google Buzz is at its Crossroads
• Haiti Earthquake SEO Poisoning
• Malware leading to premium phone number
• Phishing Attacks Still At Large
• Koobface Worm Attacks via Twitter

News categories

• Malware
• Spam and email
• Phishing
• Mobile security
• Vulnerabilities
• Security software
• Online security
• Security basics

Latest news

• New iPad Attracts Spammers
• How to Create a Secure Password?
• A Bug Found in OpenSSL
• Source Code is Stolen By Hackers
• Google Engineer Disclosed Window's DEP Flaw
• Top 15 Most Abused TLDs in February 2010
• Mariposa Botnet is Closed and Attackers Are Arrested
• Be Careful With F1!
• Fake Virus Total
• Recently Used Spam Categories

Antispyware Software

• • Download Spyware Doctor
    
• • Download VIPRE Antivirus + Antispyware
    
• • Download Trend Micro AntiVirus plus AntiSpyware
    
• • Download Spy Sweeper
    

Subscribe