New Delhi, India, June 19, 2014: ESET alerts users on picture-sharing social media site Pinterest on weight loss spam as multiple users reported weight-loss spam messages both on Pinterest itself and on Twitter. This is not the first time Pinterest has been the victim of hackers. In March this year, a large number of accounts were hacked and posted pictures of women in lingerie or swimwear, along with comments that had weight loss theme.
The Pinterest spam had a health and fitness theme, promising an ‘asian fruit that burns fat for you’, and boasts from users claiming ‘I’m 12 pounds lighter as of today!!’ These messages carry links which conceal malware, redirecting to a fake women’s health site as well as spreading the spam, according to Programmable Web.
User preferences were also altered by the attack, with several users revealing that the options to mirror Pins to Twitter and Facebook had been ‘mysteriously enabled’ following the attack. This was not clear whether user preferences were changed manually or automatically.
Pinterest responded to the spam attack, telling TheNextWeb : “The security of Pinners is a top priority. We were alerted to some instances of spam and responded by immediately placing impacted accounts in safe mode, and reaching out to Pinners as we solved the issue. We’re constantly working on ways to keep Pinners safe through reactive and proactive steps, as well as educating them on the importance of using complex and unique passwords.”
Together with the importance of strong passwords, security researchers familiar with the hack are advising users to be careful which plugins or add-ons. They enable in Pinterest, as well as highlighting a potential vulnerability around social authentication logins, specially the practice of using Twitter or Facebook login details to access Pinterest.