Twitter forces password reset to protect some accounts

The company has discovered that log-in information has been stolen in compromised torrent file-sharing sites

Twitter required some users to reset their passwords on Tuesday after discovering that their log-in information may have been harvested via security-compromised torrent Web sites, the company said.

For years, a malicious hacker has been setting up file-sharing torrent sites that appear legitimate and then selling them to well-meaning buyers who want to own their own download site, explained Del Harvey, Twitter's director of trust and safety, in a blog post.

However, the sites are riddled with malware and backdoors that allow the malicious hacker to steal log-in credentials -- like e-mail addresses, usernames and passwords -- from users who sign up for them.

Since people often use the same log-in information for multiple sites, the hacker has been breaking into Twitter accounts and possibly other social networks.

Twitter started investigating after it noticed an uncharacteristic spike in followers for a couple of accounts in recent days. It prompted users in the follower list of these accounts to reset their passwords.

The main takeaway for Twitter users: "We strongly suggest that you use different passwords for each service you sign up for," Harvey wrote.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
CSO WANTED
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags twitterexploits and vulnerabilitiespasswords

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Juan Carlos Perez

Latest Videos

More videos

Blog Posts

Market Place