2/8/10

Twitter p2p scam

Twitter has identified a scheme that uses compromised file-sharing sites to steal users' logon information.

The service said it had discovered a number of compromised torrent sites that include code used to skim usernames and passwords.

Torrent sites act as indexes of links to TV, film and music files.

Scammers were then able to use the data to gain access to Twitter and other sites because many people use the same logon for multiple services.

The firm has reset the accounts of affected users.

The conclusion is echoed by security researchers who say it is a particular problem for banking websites.

A survey of millions of people conducted by the security firm Trusteer suggests that 73% of people share the passwords they use for online banking with at least one nonfinancial website.

Around 47% of users share both their user ID and password with at least one nonfinancial website, it found.

Twitter said that it had discovered the scam after seeing unusual activity on the site.

After doing some digging the firm found a network of compromised torrent sites that included code that could be used to harvest logon information.

The sites also contained security exploits allowing an attacker to steal usernames and passwords.

Twitter said that it hadn't identified all of the affected torrent sites but had reset the passwords of compromised accounts.

The information comes as security firm Sophos launched its annual report.

One of its findings was that spam and attacks on social networks - such as Twitter and Facebook - had risen 70% in the last year.

Facebook was branded the riskiest network, although the firm pointed out that it was also the largest and would therefore attract the most attention from cybercriminals.
