Twitter has identified a scheme that uses compromised file-sharing sites to steal the logon information of users.
The service said it had discovered a number of compromised "torrent" sites that had been set up specifically to skim usernames and passwords. Torrent sites act as indexes of links to TV, film and music files. Scammers were then able to use the data to gain access to Twitter and other sites because many people use the same logon for multiple services.
The firm has reset the accounts of affected users, it said.
"The takeaway from this is that people are continuing to use the same email address and password (or a variant) on multiple sites," the firm said in a blog post.
2:57 pm on Feb 3, 2010 (gmt 0)
Twitter reset my password yesterday. The email stated that my account may have been compromised in a phishing attack that took place off-Twitter.
However, I have not seen any unauthorized posts though, and I only connected my Twitter account to trusted sites (feedburner, tweetmeme, etc). And I never use file sharing, music sharing or movie downloads.
But well, they say reset your password so I reset my password :o)
3:11 pm on Feb 3, 2010 (gmt 0)
If you use the same password at other sites, I would take it as a warning to change your password at all of them as well.
7:03 pm on Feb 3, 2010 (gmt 0)
Use software like Keepass to store your online passwords, and choose a new and different password for every site and service that you use and access.
9:58 pm on Feb 3, 2010 (gmt 0)
As g1smd suggested, Keepass is great! Remember one good password and then copy / paste highly secure passwords from Keepass. I personally save Facebook's password in Firefox but I only use that password for Facebook and if it ever got compromised I'd change it. I change all my passwords once or twice a year anyways for additional security.
11:41 pm on Feb 3, 2010 (gmt 0)
Agreed that software to manage different passwords is the way to go. Needs to be encryption in there somewhere. I use a little Java program for this now but would like something easier to use. Every time this comes up I tell myself I'll use [clipperz.com...] Would still memorize my bank password and any other super-critical ones but I've gotta think the ease of using many many many different passwords for 'medium security' sites with Clipperz has to outweigh any risk of storing the info (encrypted!) online. Right!?
5:01 am on Feb 4, 2010 (gmt 0)
Impressive, Twitter staff is able to see the backend of torrent sites and make strong accusations and tie it in with specific Twitter users, not to mention modify the Twitter user's account?
You know this stuff is going on, more and more "big" sites work with authorities to keep an eye on you/everyone, but the net feels increasingly UNsafe when you realize the "good guys" can do what the "bad guys" do even if under a veil of good will.
NOT giving up privacy, to good guys or bad, is near impossible these days and that's the real problem.
As part of our ongoing efforts to monitor our user base for odd activity, we noticed a sudden surge in followers for a couple accounts in the last five days. Given the circumstances surrounding this, we felt it was best to push out a password reset to accounts that were following these suspicious users.
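The follower-surge check described in the statement above can be sketched as follows. This is an added example, not code from Twitter or from any poster in this thread; the event format, the function names and the thresholds (30-day baseline, minimum of 20 new followers, 10x rate) are assumptions, and only the five-day window comes from the statement.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(days=5)     # "the last five days", from the quoted statement
BASELINE = timedelta(days=30)  # assumed look-back used to estimate the normal rate
MIN_NEW = 20                   # assumed floor so tiny accounts are not flagged
RATIO = 10.0                   # assumed multiple of the normal daily follow rate


def surging_accounts(events, now):
    """Return {followee: [recent followers]} for accounts whose follow rate in
    WINDOW is at least RATIO times their rate over the preceding BASELINE."""
    recent, earlier = defaultdict(list), defaultdict(int)
    for ts, follower, followee in events:
        age = now - ts
        if timedelta(0) <= age <= WINDOW:
            recent[followee].append(follower)
        elif WINDOW < age <= WINDOW + BASELINE:
            earlier[followee] += 1
    flagged = {}
    for followee, followers in recent.items():
        recent_rate = len(followers) / WINDOW.days
        # Floor of half a follow, so an account with no history still has a baseline
        base_rate = max(earlier[followee], 0.5) / BASELINE.days
        if len(followers) >= MIN_NEW and recent_rate >= RATIO * base_rate:
            flagged[followee] = followers
    return flagged


def accounts_to_reset(events, now):
    """Followers of any surging account: the password-reset candidates."""
    return sorted({f for fs in surging_accounts(events, now).values() for f in fs})


def sample_events(now):
    """Constructed data: one steady account, one gaining 40 followers in 40 hours."""
    ev = [(now - timedelta(days=6 + i), f"fan{i}", "steady_acct") for i in range(28)]
    ev += [(now - timedelta(days=i, hours=1), f"fan{100 + i}", "steady_acct") for i in range(5)]
    ev += [(now - timedelta(hours=i + 1), f"user{i}", "surge_acct") for i in range(40)]
    return ev


if __name__ == "__main__":
    now = datetime(2010, 2, 3)
    print(accounts_to_reset(sample_events(now), now))
```

Comparing against each account's own baseline, rather than a fixed follower count, keeps a popular account with a steady high follow rate from being flagged.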