If you haven’t been living under a rock, you surely must have heard about Twitter, the micro blogging service that’s gathered a large following in the last couple of years. When it comes to security, Twitter hasn’t had a very good track record – they’ve got hacked several times and at one point a hacker even managed to get his hands on over 300 internal documents which was quite embarrassing. However, this post is not about Twitter getting hacked yet again – this time around it’s the miroblogging platform who’s warning its users of a possible exploit. Users of BitTorrent trackers that require registrations should pay particular attention to the warning – if Del Harvey (Director, Trust and Safety – Twitter) is correct, your login information on some torrent sites possibly on private trackers may have been compromised.
According to Del Harvey, Twitter began to investigate an unusual surge of followers for some Twitter accounts several days ago. Later it was found out that these accounts were gaining followers using illegitimate methods such as using stolen passwords and login information. And guess what, the Twitter team even managed to trace down the source of the exploit to a certain set of BitTorrent trackers/forums that require user registration. Below is is an excerpt from a blog post which was published earlier today by Del Harvey:
Torrent sites aren’t exactly “new”; however, this is one of the first times that we’ve seen an attack that came from this vector. It appears that for a number of years, a person has been creating torrent sites that require a login and password as well as creating forums set up for torrent site usage and then selling these purportedly well-crafted sites and forums to other people innocently looking to start a download site of their very own. However, these sites came with a little extra — security exploits and backdoors throughout the system. This person then waited for the forums and sites to get popular and then used those exploits to get access to the username, email address, and password of every person who had signed up. Additional exploits to gain admin root on forums that weren’t created by this person also appear to have been utilized; in some instances, the exploit involved redirecting attempts to access the forums to another site that would request log-in information. This information was then used to attempt to gain access to third party sites like Twitter. We haven’t identified all of the forums involved (nor is it likely that we’ll be able to, since we don’t have any connection with them), but as a general rule, if you’ve signed up for a torrent forum or torrent site built by a third party, you should probably change your password there.
You can read the full article on Twitter status blog using this link. Anyways the information presented is very vague and raises many questions than answers. What exactly does the author mean by “for a number of years, a person has been creating torrent sites that require a login and password as well as creating forums set up for torrent site usage” ? My best guess is that he’s talking about a torrent tracker script (aka a template). Is there really a backdoor on one of the major tracker scripts, still undetected by site coders? We can only speculate.
Either way it’s best to heed the warning and change your passwords ASAP on torrent sites as well as social networking sites, blogging services etc that you use online. And make sure never to use the same login information on different BitTorrent sites or invite forums - this will enhance the security of your accounts greatly and will prevent you from getting ‘chain hacked’ in the event of login information getting compromised.
Follow FILEnetworks on Twitter: http://twitter.com/filenetworks