"Omg this is so cool!" Pinterest hack feeds spam to Twitter and Facebook


Users of the social, image-sharing network Pinterest are complaining about widespread account takeovers that have spilled image spam onto adjoining social networks like Twitter and Facebook.

Though notice of the scam has picked up in the last day, there’s evidence that the spam runs have been going on for more than a week, with spammers posting images promoting work-at-home schemes.


The images were accompanied by messages such as “Omg this is so cool! Can’t wait for more!” and “Omg this is so exciting! Too excited for next ones!” The messages were accompanied by links back to the spam images on compromised Pinterest accounts.

As of Wednesday, Pinterest had removed many of the offending images, though some could still be viewed.

Users who had linked their Pinterest account to adjacent social networks like Facebook and Twitter found that the spammers quickly took advantage of that access, blasting out tweets and wall posts linking to the spammy images.

One, viewed by Naked Security, was advertising a work-at-home scheme that pays people to fill out online surveys.

“Someone hacked my Pinterest account. WHY?” lamented the Twitter user @Peterkin. Others posted messages apologizing to Twitter followers and promising to change their Twitter account password.

While it’s not clear how the compromises happened, they were likely the result of cross-site scripting or drive-by download attacks on the users’ web browsers.

Pinterest, based in San Francisco, California, is a popular and fast-growing social network that allows users to share photos and other images online. It has 20 million users and, in May, landed a $100 million investment from Japanese e-commerce firm Rakuten, valuing the startup at $1.5 billion.

Spamming is explicitly forbidden by Pinterest’s terms of use, but that hasn’t stopped aspiring spammers from latching onto the click-happy medium.

As Naked Security reported in March, successful spammers have made good money by leveraging the network to blast out ads for things like Acai Berry diet products.

Those scams have raised questions about whether the fast-growing network is doing enough to stop spammers from using its network as a launching pad.

Pinterest advises customers who have had their account taken over to change their password immediately and warns that “misleading third party apps” and “web browser extensions” often play a part in account takeover incidents.

The site also advises users to have a unique password for each social networking site – though it doesn’t say anything about refraining from linking your Pinterest account to other social networking services.

ATM and PIN machines images courtesy of ShutterStock.


3 Responses to "Omg this is so cool!" Pinterest hack feeds spam to Twitter and Facebook

  1. LordDeb · 685 days ago

    Interesting, nothing and no one can feel sure in the internet today...

  2. waiter · 685 days ago

    Explain account linking, please.

  3. Sebastian · 654 days ago

    Very pinteresting!
    Well done guys! Playing big means making big mistakes ah?


About the author

Paul is a Boston-based reporter and industry analyst with more than a decade of experience covering the IT industry, cyber security and hacking. His work has appeared on threatpost.com, The Boston Globe, salon.com, NPR's Marketplace, Fortune Small Business, as well as industry publications including ZDNet, Computerworld, InfoWorld, eWeek, CIO, CSO and ITWorld.com. Paul got his 15 minutes as an expert guest on The Oprah Show - but that's a long story.