Twitter speaks out about hack attacks, tells users to beware
In an attempt to protect users that it feared were subject to a malicious hacker attack, Twitter has issued password-reset requests to all possibly affected accounts, the company wrote in a blog post Tuesday night.
Over the last five days, Twitter noticed a few accounts had a "sudden surge in followers." Believing the activity was odd, the company decided to push out password resets to all accounts that were following the suspicious users.
But after investigating the activities of those accounts, Twitter has found that many of their followers were subject to an intricate attack that might leave some open to data loss.
According to Twitter, an unidentified person has been building torrent sites -- places where Web users can download files from the Web -- for a number of years with the ultimate goal of exploiting users. After building the sites and establishing forums where users could discuss different topics, the person sold those pages to webmasters hoping to start their own download services.
The sites the buyers purchased included several security ...
... flaws and back doors, allowing their original creator to return when the sites grew in popularity and gain access to user names, e-mail addresses and passwords.
Twitter found that the malicious hacker used that information to attempt to gain access to several third-party sites, including Twitter.
For now, there's no way to tell just how widespread the issue is. Twitter is also unsure what the hacker's ultimate goal is.
That said, the social network wrote that users should be more careful in assigning passwords to their various user names.
"The takeaway from this is that people are continuing to use the same e-mail address and password [or a variant] on multiple sites," Twitter wrote on its status blog. "Through our discussions with affected users, we’ve discovered a high correlation between folks who have used third-party forums and download sites and folks who were on our list of possibly affected accounts. We strongly suggest that you use different passwords for each service you sign up for."
The issue of passwords is one that Twitter takes seriously. New users who sign up for the site won't be able to do so until they input a strong password at registration. In fact, the source code on Twitter's sign-up page reveals hundreds of banned passwords, including common favorites like "password" and "111111."
-- Don Reisinger