Twitter forces password reset to protect some accounts

The company has discovered that log-in information has been stolen in compromised torrent file-sharing sites

Twitter required some users to reset their passwords on Tuesday after discovering that their log-in information may have been harvested via security-compromised torrent Web sites, the company said.

For years, a malicious hacker has been setting up file-sharing torrent sites that appear legitimate and then selling them to well-meaning buyers who want to own their own download site, explained Del Harvey, Twitter's director of trust and safety, in a blog post.

However, the sites are riddled with malware and backdoors that allow the malicious hacker to steal log-in credentials -- like e-mail addresses, usernames and passwords -- from users who sign up for them.

Since people often use the same log-in information for multiple sites, the hacker has been breaking into Twitter accounts and possibly other social networks.

Twitter started investigating after it noticed an uncharacteristic spike in followers for a couple of accounts in recent days. It prompted users in the follower list of these accounts to reset their passwords.

The main takeaway for Twitter users: "We strongly suggest that you use different passwords for each service you sign up for," Harvey wrote.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags twitterexploits and vulnerabilitiespasswords

Show Comments