
LLsocial.com has been covering this issue and has details, advice and a link to a Pinterest survey you can fill out if you have been hacked.

Mysterious cause of Pinterest user hacks remains unknown. Pinterest now locking accounts.

Since my last blog post on Pinterest users’ accounts being hacked, I have been discussing possible causes of the hack with affected users (see the 25 comments here). The hacking issue seems to be getting worse, and now Pinterest is proactively addressing this issue by locking down accounts that they determine are exhibiting suspicious activity.

Users are getting locked out of their accounts when a possible hack is detected by Pinterest.

On July 10th, Pinterest posted an update to their Account Security customer service page. This update acknowledged that simply changing your password did not always prevent your account from being hacked again. What they suggested users do if changing the password didn’t work was extreme.

  • If changing your password does not solve the issue, change your password again and immediately deactivate your account. Please return to this support article in 1-2 weeks for additional instructions; we are working on a process that will enable users to reset their accounts.
  • Unfortunately, we are unable to restore any deleted boards or pins.

Essentially, the user could lose all their pins, and Pinterest would get back to the user in 1 to 2 weeks.

On July 13th, Pinterest posted a new update. In it they let users know that Pinterest would be locking some accounts that had suspicious activity, and the post provided details on how to reset passwords. They indicated it would take several days to get accounts reopened, and they indicated that previous pins wouldn’t be lost.

Here is an example message a user would receive if their account is locked.

(screencap from @sfonzi5)

User survey provides clues into what Pinterest is investigating

On Monday (7/16), Pinterest published a support page that has a Google Docs survey on it. All users who are locked out or have had suspicious pins posted on their account are being asked to fill out the survey. Pinterest likely doesn’t know the exact cause of these hacks and is trying to use detailed user feedback to determine what is causing these accounts to be compromised.

The questions in the survey seem to show that Pinterest is casting a broad net in terms of figuring out this issue. Topics in the survey include:

  • Compromised email, Facebook, or Twitter accounts
  • Gift certificates or rewards requiring a Pinterest Login as well as email phishing
  • Third party Pinterest clients and apps
  • How the user accesses Pinterest, even getting as detailed as different phone models
  • The use of antivirus software
  • Browser based 3rd party plugins, add-ons and tool bars

There is no mention of LinkedIn, LastFM or Yahoo accounts. I speculated in the comments of my last blog post that someone could be using hacked information from those sites to access Pinterest user accounts. The survey questions would now lead me to believe that this theory was incorrect.

If it was simply an issue of users not being careful with their password or clicking on compromised links, it is likely that Pinterest would not be digging as deep into this issue as they are.

Advice for Pinterest users

If you are hacked, changing your password is the best step to protect yourself.

If you are not hacked, you should be using a password that is unique to your Pinterest account.

At this point, I have to advise that you don’t enter any contests on Pinterest. While many people had their accounts hacked without clicking on anything, it seems that the Pinterest hacks hit the sweepstakes community particularly hard. The likely reason is clicking on hacked pins which are often promotional in nature.

Pinterest has published their own list of ways to protect your pins. I recommend you check it out.

If you have been affected by the hack, you are welcome to post a comment with any details you think might help others figure out the cause. You can also comment in our active discussion here.

Update 7/21: Pinterest responds to IDG about the hacking. They say:

“We suspect this spam may be related to the recent leaks of credentials from other sites, which serves as an important reminder [for users] to have unique logins and passwords”

Avoid these images that appeared on hacked Pinterest boards accounts

Protect yourself from the newest hacking of Pinterest accounts.

Update 7/19: The article below is still relevant, and you should check out the comments for ongoing discussion, but I have another update about Pinterest locking accounts along with an official Pinterest hacking survey that all users who had their accounts hacked should complete.

Updated 7/8: Based on user experiences, if you have been hacked, the first thing you should do is change your Pinterest password. This worked for at least one of the Pinterest users who posted in our comments.

It is unclear how hackers are getting access to Pinterest accounts, but in the last three days there have been a number of signs that hacking is again becoming a problem on Pinterest.

Traffic to my post on the March hacking of Pinterest has increased considerably starting on July 5th, and you can find a number of people on Twitter complaining about being hacked.

A blogger for the Identity Theft Resource Center posted a hacking experience. This person believes the issues might have started on Facebook.

Just now I happened to come across a Facebook post about how to make a very cool iPad case using wallpaper so I thought I would go ahead and pin it so I could check it out later. This is when the trouble began.

I have several different “boards” on my Pinterest to organize what I find online, but the board to which this particular link wanted to post to was called “Make Money Online”.  Fairly certain that I had not created that board, I logged into the site and found that several boards had been created and items had been pinned to them.  The pinned items, when clicked on, would lead someone to either an online job scam or a malware download.

Since I first published this article, two people shared their experiences in the comments, and neither of them believes that they got hacked by clicking something in Facebook.

Pinterest users have also been commenting on some of these hacked pins, trying to figure out the issue. A sample of the comments includes:

I have been deleting these. I get at least two a day now!

Glad to see I’m not the only one having this pop up on my account and unwanted at that! I’ve reported it every time with no kind of feedback! Every day it reappears under some other board that I didn’t create!

Blogger C McKane has a blog post with some tips on what to do if your account has been hacked.

I included some of the images the hackers have been using at the top of this post. Definitely don’t click on any pin that has these images in it.

If your account has been hacked, please share your story in the comments. If you have a guess as to why the hack might have happened, please post the details so others can avoid this issue.