Sign up to our newsletter
The latest security news direct to your inbox
Picture-sharing social media site Pinterest appears to have been hacked, as multiple users reported weight-loss spam messages both on Pinterest itself and on Twitter.
The Pinterest spam had a health and fitness theme, promising an ‘asian fruit that burns fat for you’, and boasts from users claiming ‘I’m 12 pounds lighter as of today!!’. The messages carry links which conceal malware, redirecting to a fake women’s health site as well as spreading the spam, according to ProgrammableWeb.
User preferences were also altered by the attack, with several users revealing that the options to mirror Pins to Twitter and Facebook had been ‘mysteriously enabled’ following the attack. It was not clear whether user preferences were changed manually or automatically.
Pinterest responded to the spam attack, telling TheNextWeb : “The security of Pinners is a top priority. We were alerted to some instances of spam and responded by immediately placing impacted accounts in safe mode, and reaching out to Pinners as we solved the issue. We’re constantly working on ways to keep Pinners safe through reactive and proactive steps, as well as educating them on the importance of using complex and unique passwords.”
Together with the importance of strong passwords, security researchers familiar with the hack are advising users to be careful which plugins or add-ons they enable in Pinterest, as well as highlighting a potential vulnerability around social authentication logins – the practice of using Twitter or Facebook login details to access Pinterest.
This is not the first time Pinterest has been the victim of hackers. In March this year, a large number of accounts were hacked and posted pictures of women in lingerie or swimwear, along with comments that also had a weight loss theme.
Pinterest has grown enormously since its launch in 2010 – according to Comscore, it is the 39th most popular site in the US. A recent bout of fundraising from investors (which raised $200m) valued the company at $5bn.
Author Alan Martin, ESET