Last month, Pinterest users started to complain on Facebook and Twitter about their accounts getting hacked and pushing spam onto the social networks. The company never got back to The Next Web when we requested for comment on the situation. A quick check this month shows that the problem continues with more users reporting their accounts have been breached.
Today my colleague Josh Ong experienced the same issue: “Damn, someone hacked my Pinterest account. I don’t even use it. I logged on and someone had pinned four spam posts.” A quick search on Facebook shows that there was a significant increase in complaints starting last night and into this morning.
It’s worth noting that Ong was notified by an email from Pinterest, but it was slightly different from the one a Pinterest user got on his iPhone last month, which we originally reported on. Pinterest users seem to be getting this email now:
We think someone may have logged into your Pinterest account without your permission. Please create a new password to secure your account. Reset Password
Someone just logged into your Pinterest account from a new location in Malaysia. To protect your pins, we’ve put your account in read-only mode – no changes can be made to your pins or account settings until you secure it with a new password. After you create a new password, your account will be fully functional.
The Pinterest Team
Ong’s account was reportedly accessed from Malaysia, according to Pinterest. A quick search on Twitter shows other users have received similar emails pointing to their accounts being logged into from Argentina, Bolivia, Brazil, Ethiopia, India, Indonesia, Iran, Malaysia, Morocco, Russia, and Vietnam. One of the users who was hacked last month reported his account was accessed from Guyana.
This suggests two possibilities. Multiple attackers all over the world could be using the same method to access Pinterest accounts and post spam. More likely, however, one group of cybercriminals is using a botnet to breach the accounts and spread their nonsense.
If someone has accessed your Pinterest account without permission, head over to the Account Security wepbage. Here is what the company recommends you do:
If you notice boards, pins or other activity on your account that you did not create, it’s possible someone has gained access to your account.
- First, change your password immediately by logging in and going to the Settings page. Then, you can delete any pins and/or boards that were created.
- If changing your password does not solve the issue, please submit a ticket for assistance.
- Unfortunately, we are unable to restore any deleted boards or pins.
- Please submit a ticket if you have any idea how someone may have gained access to your login information. Consider whether you have recently encountered any misleading 3rd party apps, if you use web browser extensions, or if you use the same password on multiple sites. We also recommend running trusted antivirus software to check your computer for malware.
If you submit a ticket, please file it under Policy & Abuse -> Hacked Account.
I have once again reached out to Pinterest about this issue. A spokesperson told me he will be looking into Ong’s account. I will update you if and when I learn more.
Update at 1:30PM EST: Pinterest says it isn’t seeing many similar reports. I have pointed the company towards specific user complaints on Facebook and Twitter. In the meantime, the company offered a reassuring statement.
“It’s important to us that all the content on Pinterest is authentic and people’s accounts are secure,” a Pinterest spokesperson said in a statement. “That’s why we’re constantly monitoring for suspicious activity. Unfortunately, though, spammers are out there attempting to compromise people’s Internet credentials and then trying those credentials on major websites. We respond to user reports and send emails to pinners with suspicious logins to help them identify the issue and protect their pins. We hope pinners will remember to use strong and unique passwords for their accounts.”
Image credit: Christa Richert
Pssst, hey you!
Do you want to get the sassiest daily tech newsletter every day, in your inbox, for FREE? Of course you do: sign up for Big Spam here.