Twitter Discloses User Password Theft Scheme Via Torrent Sites
Twitter said it has identified a scheme to try to steal user account names and passwords and is asking some users to update their passwords as a result.
The micro-blogging service disclosed in a notice to developers late Tuesday that an unidentified person had been creating so-called “torrent” sites and forums for “a number of years” with the sole purpose of getting users to input user names and passwords the person could use to gain access to Twitter accounts.
The person “waited for the forums and sites to get popular and then used those exploits to get access to the username, email address, and password of every person who had signed up,” the notice stated.
Torrent sites are those that allow users to search for files sent through file-sharing service BitTorrent. Twitter didn’t identify any specific sites and forums it believes to be gathering the data.