Dark Reading is part of the Informa Tech Division of Informa PLC



Twitter Gives Details On Phishing Attack

Social networking firm outlines exploit that forced many users to reset their passwords

Social networking giant Twitter yesterday explained the forced password reset it issued to a number of users earlier this week.

In an unusually detailed blog post by Del Harvey, director of trust and safety, Twitter described a credential-harvesting and phishing campaign that was run through torrent sites and the forums attached to them.

"It appears that for a number of years, a person has been creating torrent sites that require a login and password, as well as creating forums set up for torrent site usage," the blog says. The perpetrator then sold "these purportedly well-crafted sites and forums to other people innocently looking to start a download site of their very own," Harvey says.

"However, these sites came with a little extra -- security exploits and backdoors throughout the system," Harvey continues. "This person then waited for the forums and sites to get popular, and then used those exploits to get access to the username, email address, and password of every person who had signed up.

"Additional exploits to gain admin root [access] on forums that weren't created by this person also appear to have been utilized," the blog says. "In some instances, the exploit involved redirecting attempts to access the forums to another site that would request log-in information. This information was then used to attempt to gain access to third party sites like Twitter."

Twitter hasn't identified all of the forums involved, and it probably won't be able to, Harvey says. "But as a general rule, if you've signed up for a torrent forum or torrent site built by a third party, you should probably change your password there," he advises.

The lesson: Don't use the same email address and password on multiple sites, Harvey warns.

"Through our discussions with affected users, we've discovered a high correlation between folks who have used third party forums and download sites and folks who were on our list of possibly affected accounts," the blog says. "While not all users who were sent a password reset request fall into this category, we felt that it was important to put this knowledge out there, so that users would know of the possibility of compromise of their data by a third party unrelated to their Twitter account."
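The response Harvey describes, matching a list of accounts exposed through third-party sites against Twitter's own users and forcing resets, is what any service operator has to do when a credential dump from an unrelated site turns up. The example below is added here to illustrate that triage; it is not Twitter's code and the article gives no detail of how Twitter did it. It assumes (my assumptions, not the page's) that local passwords are stored as salted PBKDF2-HMAC-SHA256 hashes and that the dump is plain `email:password` lines. Leaked pairs whose password verifies against the local hash are flagged for a forced reset; accounts that merely share an email with the dump are flagged for notification only, since the user may have followed Harvey's advice and used a different password.

```python
"""Triage a third-party credential dump against a local user store.

Added example, not Twitter's code.  Assumed (not from the article):
users are stored as (salt, PBKDF2-HMAC-SHA256 hash); the dump is a list of
'email:password' lines such as one harvested from a backdoored forum.
"""
import hashlib
import hmac
import os
from typing import Dict, Iterable, List, Tuple

ITERATIONS = 20_000  # assumed work factor; raise in production


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_user(password: str) -> Tuple[bytes, bytes]:
    """Create a (salt, hash) record the way the service would at signup."""
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


def verify(password: str, salt: bytes, stored: bytes) -> bool:
    # Constant-time compare so the check itself does not leak anything.
    return hmac.compare_digest(hash_password(password, salt), stored)


def parse_dump(lines: Iterable[str]) -> Dict[str, List[str]]:
    """Parse 'email:password' lines into {email: [passwords]}.

    Emails are lowercased; only the first ':' separates fields, so passwords
    that contain ':' survive; blank or malformed lines are skipped; the same
    email may carry several passwords (one per forum it was used on).
    """
    leaked: Dict[str, List[str]] = {}
    for raw in lines:
        line = raw.rstrip("\r\n")
        if ":" not in line:
            continue
        email, _, password = line.partition(":")
        email = email.strip().lower()
        if not email or not password:
            continue
        leaked.setdefault(email, []).append(password)
    return leaked


def triage(users: Dict[str, Tuple[bytes, bytes]],
           dump_lines: Iterable[str]) -> Dict[str, List[str]]:
    """Return {'force_reset': [...], 'notify_only': [...]} (sorted emails).

    force_reset: a leaked password for that email verifies against the local
                 hash, i.e. the user reused it here.
    notify_only: the email appears in the dump but no leaked password matches.
    Only leaked pairs are hashed, so cost is one PBKDF2 per (email, password)
    in the dump that belongs to a local account.
    """
    by_email = {email.lower(): (email, salt, digest)
                for email, (salt, digest) in users.items()}
    force_reset: List[str] = []
    notify_only: List[str] = []
    for email, passwords in parse_dump(dump_lines).items():
        record = by_email.get(email)
        if record is None:
            continue  # not one of our users
        original, salt, digest = record
        if any(verify(pw, salt, digest) for pw in passwords):
            force_reset.append(original)
        else:
            notify_only.append(original)
    return {"force_reset": sorted(force_reset), "notify_only": sorted(notify_only)}


# Constructed sample data (not from the article).
USERS = {
    "alice@example.com": make_user("torrentz4life"),       # reused on a forum
    "bob@example.com": make_user("unique-and-strong"),     # different password
    "carol@example.com": make_user("hunter2"),             # reused, email case differs
}
DUMP = [
    "alice@example.com:torrentz4life",
    "bob@example.com:oldforumpassword",
    "Carol@Example.com:hunter2",
    "mallory@example.net:whatever",     # not our user
    "garbage line without separator",
]

if __name__ == "__main__":
    print(triage(USERS, DUMP))
```

Running the block on the sample data flags alice and carol for a forced reset and bob for notification only; mallory and the malformed line are ignored. The same split is what lets an operator send the blunt "we reset your password" message only where reuse is confirmed, and a softer "check your other accounts" notice elsewhere.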


Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories.
