Users warned to vary passwords as torrent site scam is identified by Twitter

Internet users are once again being warned not to use the same passwords across multiple websites, so as not to make life easy for hackers looking for quick route in to users' accounts.

The warning comes as social networking site Twitter revealed that phishing attacks on its site have been linked to use of forums on torrent sites. The company began investigating unusual spikes in followers for a couple of accounts, and what it discovered prompted it to force some users to change their passwords, as well as issuing a general warning to all web users.

It seems that for some time, hackers have been setting up compromised file-sharing sites - known as torrent sites - which have then been sold on to unsuspecting buyers wishing to run their own download sites. Once the sites were up and running, the hackers used the built-in back doors to gain access and harvest usernames and passwords from anyone using the sites. Then, exploiting the fact that so many internet users re-use the same or similar passwords for multiple sites, the hackers used those passwords to break into Twitter accounts.

Phishing scams are getting more and more sophisticated, and experts are warning that there is now a good chance that they won't just trap the web novice - even users who consider themselves internet-savvy can be caught out. And while a hacked Twitter account isn't the end of the world, it is this kind of activity which demonstrates why users should have a different password for every single site they use - so that if they should fall foul of a phishing scam, only one account can be compromised, not all of them.