Earlier this week, many Twitter users discovered that the social website had reset their passwords. The company said late Tuesday that it noticed a "sudden surge" in followers for a couple of accounts over the last five days. Suspecting foul play, Twitter decided to "take action first and ask questions later" by resetting the passwords of all accounts following the suspicious users.
According to this Twitter blog, the company investigated the situation a little further and discovered that someone was executing a well-planned scam that leeched the personal info from unsuspecting customers. Twitter's Director of Trust and Safety Del Harvey said that this cybercrook built and sold torrent-forum websites for many years, created with special security exploits and backdoors that conveniently gave him access to the personal info of the original buyer and every visitor who signed up to use the site's forums.
Harvey said that the information gathered by the scam included usernames, passwords, email addresses, and other personal data.
"Additional exploits to gain admin root on forums that weren’t created by this person also appear to have been utilized; in some instances, the exploit involved redirecting attempts to access the forums to another site that would request log-in information," he said. "This information was then used to attempt to gain access to third party sites like Twitter."
Harvey said that there was a huge correlation between users of third party forums and download sites, and those that appeared on Twitter's list of "possible" affected accounts. Harvey suggested that web surfers should use different log-in credentials--at least different passwords--when using multiple sites.