The mystery of the off-Twitter phishing attack, due to which some account passwords have been reset by the service, has been solved.
Del Harvey, Director and leader of Twitter’s Trust and Safety team posted an explanation, in which she says that a couple of accounts have witnessed a massive surge in the number of followers in the last five days, with no apparent reason.
Finding it rather suspicious, they decided to head off a potential complication by resetting the passwords of all the followers and notifying them about their need to set new passwords by themselves. They have, of course, continued to delve into the matter and have come up with an interesting result.
“For a number of years, a person has been creating torrent sites that require a login and password as well as creating forums set up for torrent site usage and then selling these purportedly well-crafted sites and forums to other people innocently looking to start a download site of their very own. However, these sites came with a little extra — security exploits and backdoors throughout the system,” writes Harvey.
After a while, when these forums and sites became popular, this person used those backdoors and gained access to all the login credentials of all the users on those sites. Taking advantage of the fact that a lot of people use the same combination of username and password for many different sites and online services, this person used the login credentials to attempt to access Twitter accounts. And, obviously, succeed with some.
It is likely that this attack was also tried on other third-party services, but so far nobody acknowledged such a breach. It is impossible to know all of the forums and sites compromised, so Harvey advises all those who have ever signed up for a third-party torrent site or forum, to change their passwords into one they never used anywhere else. Also, in general, to use different passwords for each service they sign up for.