Pinterest has been locking user accounts due to suspicious activity, after a string of incidents in which user data disappeared or was changed. But as the source of the security breach is still being determined, users are advised to keep their passwords unique and to make sure they don't fall victim to social engineering attacks.
Malicious hackers are getting more social. After security breaches involving professional network LinkedIn that exposed millions of passwords, social photo-sharing service Pinterest is now the target of a security attack that has left user data missing, deleted or compromised.
LLSocial details how Pinterest users have observed suspicious activity on their accounts, including the system sending them password change notifications. While users have responded by changing their passwords to block access by unauthorized parties, a notice from Pinterest has acknowledged that changing passwords may not be enough to protect one's account.
This indicates that the breach may go deeper than hackers obtaining passwords from third-party sources. Since the breach, Pinterest has taken steps to protect user information, to the extent of locking out accounts altogether. Pinterest management is looking into possible sources of the breach, and has posted a survey for locked-out users. But until the security problem is resolved, users may lose Pins and Boards, and may have to wait one to two weeks before Pinterest contacts them with a fix.
"If changing your password does not solve the issue, change your password again and immediately deactivate your account. Please return to this support article in 1-2 weeks for additional instructions; we are working on a process that will enable users to reset their accounts. Unfortunately, we are unable to restore any deleted boards or pins."
It does sound strange that Pins and Boards could disappear altogether without Pinterest being able to restore accounts from backups. To date, Pinterest still doesn't know the exact source of the breach, which may include the use of similar passwords on other web services, leaks from the database, or other sources.
Social Engineering on the Rise?
Pinterest has responded to a TechCrunch post detailing the security breach, and says they "suspect this spam may be related to the recent leaks of credentials from other sites, which serves as an important reminder to have unique logins and passwords for all the sites you use." In the meantime, Pinterest gives a few suggestions on how users can protect Pins. These tips should also be useful for anyone using other online services. Rules of thumb: use unique passwords and don't haphazardly give out passwords after clicking on email links.
If anything, this is a clear indication that as social networking grows in popularity, users also become more vulnerable to social engineering attacks.