Password reuse made it all possible

Feb 3, 2010 14:53 GMT  ·  By

Twitter warns that a recent mass account hijacking, which affected users of the micro-blogging platform, is the result of compromised third-party torrent sites. Unknown attackers were allegedly able to commandeer numerous Twitter accounts because their owners reused the same passwords across multiple sites.

A few days ago, the Twitter staff noticed an unusual spike in followers for several users. For example, one of them, called THCx and since suspended, was followed by over 40,000 people in a very short period of time.

Twitter has recommended that users who found themselves following THCx without having chosen to do so change their password. The few available details about the incident left people speculating that it was a phishing attack or that a third-party application provider had its database hacked.

However, in a new entry posted earlier today on the official Twitter status page, the administration reveals that it was neither of those. Instead, the threat seems to have originated in an unlikely place – external private torrent sites.

"It appears that for a number of years, a person has been creating torrent sites that require a login and password as well as creating forums set up for torrent site usage and then selling these purportedly well-crafted sites and forums to other people innocently looking to start a download site of their very own. [...] These sites came with a little extra - security exploits and backdoors throughout the system. This person then waited for the forums and sites to get popular and then used those exploits to get access to the username, email address, and password of every person who had signed up," Del Harvey, Twitter's director of trust and safety, explained.

Harvey concluded that many users continue to employ the same login credentials, especially passwords, across multiple sites, which is a highly insecure practice. The post did not go into detail on how the torrent sites were investigated, but hinted at a strong correlation between affected users and those who admitted to using such sites.