Hidden Backdoors On Torrent Sites Led To The Latest Twitter Attack

Early this morning, Twitter began alerting certain users to reset their passwords because of a possible phishing attack. They later elaborated on it a bit but it still wasn’t clear exactly what was going on. Now they’ve felt the need to fully go into exactly what went down — and it’s fairly interesting.

On their Twitter Status blog (interesting that it’s not the main Twitter blog), Del Harvey, Twitter’s Director of “Trust and Safety” has a post detailing the attack. Apparently, Twitter figured out that some torrent sites have been being created for a number of years by some individual who then sells them to others looking to get into the business. The problem is that this person seems to have included a backdoor into these sites so that they could access them later when the site became popular. And because people often use the same login and password across the web, a bunch of Twitter accounts were then comprimised with this data.

To make matters worse, it seems that there were also other exploits on these sites that allowed other hackers to gain access to data. Harvey doesn’t name any of the torrent sites involved (and says they likely won’t even be able to figure out all of them), but notes that if you’re a torrent site user, you should probably change your Twitter password immediately.

Harvey titles her post, “reason 4,132 for changing your password” — but really it should be, “reason 4,132 for not using the same login/password on all sites.” Here’s the main nugget:

The takeaway from this is that people are continuing to use the same email address and password (or a variant) on multiple sites.  Through our discussions with affected users, we’ve discovered a high correlation between folks who have used third party forums and download sites and folks who were on our list of possibly affected accounts.

[photo: flickr/Daquella manera]