Hidden Backdoors On Torrent Sites Led To The Latest Twitter Attack

Early this morning, Twitter began alerting certain users to reset their passwords because of a possible phishing attack. They later elaborated on it a bit but it still wasn't clear exactly what was going on. Now they've felt the need to fully go into exactly what went down â€" and it's fairly interesting. On their Twitter Status blog (interesting that it's not the main Twitter blog), Del Harvey, Twitter's Director of "Trust and Safety" has a post detailing the attack. Apparently, Twitter figured out that some torrent sites have been being created for a number of years by some individual who then sells them to others looking to get into the business. The problem is that this person seems to have included a backdoor into these sites so that they could access them later when the site became popular. And because people often use the same login and password across the web, a bunch of Twitter accounts were then comprimised with this data.