According to a blog post on Tuesday, Twitter’s director of trust and safety, Del Harvey, explained that Twitter had to take action to reset passwords when it discovered that torrent Web sites were running a scam. A number of torrent sites were built that required a log-in and password. As these Web sites and forums were sold to people who wanted to own their own torrent site, the buyers did not realize that the sites were compromised with security leaks that allowed the cybercriminals access to the buyers’ log-in info for Twitter and other sites. As users tried to log in to forums, they were sent to third-party Web sites where the users’ passwords were obtained. "These sites came with a little extra--security exploits and backdoors throughout the system," Harvey stated. "This person then waited for the forums and sites to get popular and then used those exploits to get access to the username, email address, and password of every person who had signed up."
Twitter became suspicious when it became apparent that there was an extremely high number of followers for select accounts. After investigating, it began to issue password resets for followers of suspicious accounts. This was the first time Twitter had seen torrent accounts used to stage an attack in this way. "While not all users who were sent a password reset request fall into this category, we felt that it was important to put this knowledge out there so that users would know of the possibility of compromise of their data by a third party unrelated to their Twitter account," Harvey stated.
Related Link:
http://news.cnet.com/8301-1009_3-10446586-83.html