Information Security Asked on January 4, 2021
I just got an email from the Unsplash service telling me that someone had logged into my account via credential sniffing:
Five minutes later I get three more emails, each one notifying that a (generic) photo just uploaded to the account had been flagged.
The news doesn’t surprise me because the password is a weak throwaway that I know is in several public databases, and this latest attempt is possibly linked to last week’s Cit0 service leak, which I am in, but I’m curious about two things:
We can't know how Unsplash detected it unless they tell us. However, many large websites have some sort of abuse tooling to automatically detect patterns. For example, Unsplash may import compromised credentials from public databases and match logins on those accounts from certain shared IP addresses. Clearly they've seen this pattern before since they have a pre-canned email about it.
In general, any site of reasonable size that has a social aspect where there can be likes or ranking of items is subject to abuse from bots who sell paid likes. As for who would want this, consider being able to put on your resume that you're one of the top ten most popular photographers on Unsplash. That would be very appealing indeed. It may also cause search engine rankings for your user ID or name to be better, especially if they show up on a favorites or top photos page.
As for why the attackers uploaded images, because it's very easy to find empty accounts that only give out likes. If a user engages in a variety of types of activity, it makes it seem less suspicious, so the site is less likely to catch on to the pattern. They also may like unrelated accounts to make it less obvious who's paying them if they do get detected. Most sites don't permit gaming the system in this way (or using automated systems to do this) and the attackers' service wouldn't be very popular if many of their customers' accounts got cancelled.
Correct answer by bk2204 on January 4, 2021
Get help from others!
Recent Answers
Recent Questions
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP