Twitter reveals torrent scam details

A phishing attack, which forced Twitter to reset passwords for many users, stemmed from a torrent scam that stole log-in information from certain accounts.

Lance Whitney Contributing Writer

Lance Whitney is a freelance technology writer and trainer and a former IT professional. He's written for Time, CNET, PCMag, and several other publications. He's the author of two tech books--one on Windows and another on LinkedIn.

See full bio

Lance Whitney

Feb. 3, 2010 6:39 a.m. PT

2 min read

Twitter has revealed the back story on why it reset passwords this week for many of its users.

The phishing attacks that forced Twitter to change account passwords stemmed from discovery of a scam being run by a torrent Web site creator, explained Del Harvey, Twitter's director of trust and safety, in a blog post Tuesday evening.

Twitter had found that someone for the past few years had been building torrent sites and forums requiring a log-in and password. This person then sold these Web sites and forums to people interested in starting their own torrent download sites.

Unknown to the buyers, these sites actually contained security holes that allowed the cybercrook to gain access to the buyers' log-in information for sites like Twitter. This was done by grabbing log-in attempts to the forums and redirecting them to third-party Web sites where the criminals could capture a user's credentials.

"These sites came with a little extra--security exploits and backdoors throughout the system," Harvey said. "This person then waited for the forums and sites to get popular and then used those exploits to get access to the username, email address, and password of every person who had signed up."

A red flag was first raised on Twitter's end when it noticed an abnormally high number of followers for certain accounts. This prompted the company to investigate and eventually reset the passwords for anyone following those suspicious accounts. Twitter noted that although torrent sites have been around a while, this is the first time it's seen an attack using this angle.

"While not all users who were sent a password reset request fall into this category, we felt that it was important to put this knowledge out there so that users would know of the possibility of compromise of their data by a third party unrelated to their Twitter account," Harvey said.

Twitter advises people who have signed up for third-party torrent accounts to change their passwords at those sites and to refrain from using the same password at multiple sites. More tips on safe tweeting can be found on Twitter's help pages.