Twitter log on information hacked?

By siliconindia   |   Wednesday, 03 February 2010, 23:26 IST
Bangalore: A scheme has been used against Twitter in which torrent sites were set up specifically to skim people's usernames and passwords. Scammers were then able to use the data to gain access to Twitter and other sites because many people use the same logon for multiple services, reports BBC.
"The takeaway from this is that people are continuing to use the same email address and password (or a variant) on multiple sites. We strongly suggest that you use different passwords for each service you sign up for," the firm said in a blog post.
A survey of millions of people conducted by the security firm Trusteer suggests that 73 percent of people share the passwords they use for online banking with at least one nonfinancial website. Around 47 percent of users share both their user ID and password with at least one nonfinancial website, it found. "Consumers are not aware, or are choosing to ignore, the security implications of reusing their banking credentials on multiple websites," said Amit Klein, CTO of Trusteer.
Twitter said it found out about this scam after seeing unusual activity on the site. "It appears that for a number of years, a person has been creating torrent sites that require a login and password as well as creating forums set up for torrent site usage and then selling these purportedly well-crafted sites and forums to other people innocently looking to start a download site of their very own," said Twitter. The sites also contained security exploits allowing the person to steal usernames and passwords. "This person then waited for the forums and sites to get popular and then used those exploits to get access to the username, e-mail address, and password of every person who had signed up."
Twitter said that it hadn't identified all of the affected torrent sites but had reset the passwords of compromised accounts.