Pinterest Temporarily Locking Down Compromised Accounts

ID THREATPOST:1E55266B2E4F528CA7E6789479753ABB
Type threatpost
Reporter Anne Saita
Modified 2013-04-17T16:31:49


The popular social sharing site Pinterest is addressing an uptick in suspected hacks by temporarily locking down suspicious accounts and forcing those users to create more unique passwords.

The lockouts follow a couple of weeks of notices that include an 11-question survey to help the company determine what’s behind the security breach. The first note, posted July 10 and titled “Help! Someone is accessing my account without permission,” suggested first changing the password and deleting any unauthorized pins or boards. It also warned that any content deleted by the hackers cannot be restored.

“Please submit a ticket if you have any idea how someone may have gained access to your login information,” the notice said. “Consider whether you have recently encountered any misleading 3rd party apps, if you use web browser extensions, or if you use the same password on multiple sites. We also recommend running trusted antivirus software to check your computer for malware.”

A few days later, it issued a notice of locked accounts. “If your account is locked, we will log off all users and send you an email with instructions to create a new password.”

Comments posted on the social media blog LLSocial suggest some compromised accounts were linked to spam-like Facebook posts, while others wondered if recent password thefts at sites like LinkedIn and Last.fm might be connected.

The incident reinforces the best practice of not recycling passwords.

A spokesperson for Pinterest told TechCrunch, “It’s difficult to identify how a given account may be compromised. However, we suspect this spam may be related to the recent leaks of credentials from other sites, which serves as an important reminder to have unique logins and passwords for all the sites you use.”