Twitter reveals torrent scam details [CNET News]
If you needed another reason to avoid BitTorrent P2P sites, Twitter has given users one. According to a blog post from Twitter's director of trust and safety, several Twitter users have had their Twitter passwords reset due to an exploit that may have compromised their account. That exploit originated on several torrent sites that required users to register and provide login information. Unknown to the users on these sites, the sites contained backdoors that allowed the operators to gain access to the users' login credentials for other sites, including Twitter.
Ostensibly these users were frequenting the torrent sites in question to get links for files to download via P2P applications. Unfortunately, they got more than they bargained for. Twitter discovered the issue when many of the hacked accounts started abnormally following a small number of other Twitter users. As a result of the investigation into this suspicious activity, Twitter discovered the fraudulent torrent sites and reset the impacted users' Twitter passwords.
As this story illustrates, many of these torrent tracking web sites are run by unscrupulous individuals that could care less about those who frequent their sites. It's just not worth becoming a victim of one of these sites to get the latest bootleg television show or movie.
Not that I support illegal file sharing, but as I've been reading about it, Twitter is blaming the stolen login creds on phishing attacks not "backdoor" torrent sites.
Posted by: JDF | Friday, February 05, 2010 at 02:28 PM