cnet: Earlier this week, Twitter reset passwords for many of its users. Today, the micro-blogging site revealed details about the phishing attack that made that move necessary.
For the past few years, an unnamed person has been selling torrent sites that contain security holes. Those holes allowed the scammer to steal users' login credentials for sites like Twitter.
"While not all users who were sent a password reset request fall into this category, we felt that it was important to put this knowledge out there so that users would know of the possibility of compromise of their data by a third party unrelated to their Twitter account," said a Twitter spokesperson.
Twitter advises Torrent users to change their password and to make sure they use different passwords for different sites.