Twitter required some users to reset their passwords on Tuesday after discovering that their log-in information may have been harvested via security-compromised torrent Web sites, the company said.
For years, a malicious hacker has been setting up file-sharing torrent sites that appear legitimate and then selling them to well-meaning buyers who want to own their own download site, explained Del Harvey, Twitter's director of trust and safety, in a blog post.
However, the sites are riddled with malware and backdoors that allow the malicious hacker to steal log-in credentials -- like e-mail addresses, usernames and passwords -- from users who sign up for them.
Since people often use the same log-in information for multiple sites, the hacker has been breaking into Twitter accounts and possibly other social networks.
Twitter started investigating after it noticed an uncharacteristic spike in followers for a couple of accounts in recent days. It prompted users in the follower list of these accounts to reset their passwords.
The main takeaway for Twitter users: "We strongly suggest that you use different passwords for each service you sign up for," Harvey wrote.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.