Pinterest scam pushes spam images to Facebook, Twitter

Pinterest users just want to share photos of cats in buckets and their latest workout accessories, but a recent assault on the social pinboard site has infiltrated users' adjoining social networks.

As Sophos' Naked Security blog first reported on Wednesday, the account takeovers push spam onto Facebook and Twitter, where work-at-home schemes are showing up on users' timelines.

Accompanied by text like, "Omg this is so cool! Can't wait for more!" and "Omg this is so exciting! Too excited for next ones!", the messages include links to the spam images on the compromised Pinterest accounts, according to Sophos.

The security firm has not yet identified the origin of the attack, but said it could be the result of cross-site scripting, or drive-by download attacks on Web browsers.

"It's important to us that all the content on Pinterest is authentic and people's accounts are secure. That's why we're constantly monitoring for suspicious activity," a Pinterest spokesman told PCMag.

While the site has noticed an increase in spam from accounts accessed with compromised passwords, there is no evidence that Pinterest has been hacked, the company said. Instead, users may have fallen prey to phishing or other attacks, which the company differentiates from compromised corporate systems, databases, or infrastructure.

"We've found that users are able to secure their accounts with a simple password change," the spokesman said.

Pinterest has been emailing pinners whose accounts show suspicious logins, to identify the issue and protect their accounts.

As of Wednesday, Sophos said, Pinterest had removed a number of the images, though some were still available.

Though Pinterest strictly prohibits the spreading of spam via its site, that hasn't stopped hackers from infiltrating the virtual pinboard.

In April, as the website's popularity began to skyrocket, Pinterest fans were spammed with survey scams and tricked into downloading fake Android apps.