Cyber Incident Victim: Pinterest
Date:
Dec 2017
Location:
Egypt
Summary
Pinterest users reported unauthorized access attempts, prompting concerns of a breach, with security researcher Scott Helme experiencing a login attempt from Egypt on an old account despite using a unique password. The company attributed the incidents to credential stuffing attacks leveraging credentials from third-party breaches, advising users to reset passwords and enable two-factor authentication. While Helme later speculated his compromised account might have used an older, non-unique password from a previous system, Pinterest denied any confirmed breaches of its own systems or involvement of the Zendesk support breach (which lacked password data) in the attacks. The situation highlighted discrepancies between user reports of unique passwords and the company's credential-stuffing explanation.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In December 2017, Pinterest users reported widespread concerns about unauthorized account access, evidenced by significant spikes in Google searches for "Pinterest hacked" and Twitter trends for "pinterest password." Security researcher Scott Helme disclosed that his dormant Pinterest account had been temporarily frozen following login attempts originating from Egypt. This incident raised initial alarm because Helme used a unique, randomly generated password managed through 1Password, with no reuse across other services. Pinterest attributed the activity to credential-stuffing attacks leveraging credentials exposed in third-party breaches unrelated to its platform. The company initiated account-securing measures, including proactive email notifications urging users to reset passwords and enroll in two-factor authentication.
Helme later reconstructed that his compromised account was an older profile created under a previous email address, which he had abandoned years earlier after migrating to a password manager. This legacy account utilized a password derived from an outdated personal system, potentially exposed in an unrelated breach. While Helme accepted Pinterest’s credential-stuffing explanation as plausible, security expert Troy Hunt contested the scope, observing patterns exceeding typical password-reuse attacks. Pinterest maintained it found no evidence of unique-password compromises and dismissed any connection to a 2013 Zendesk breach involving support email addresses, noting that incident did not expose passwords. The company reiterated its reliance on multi-layered security protocols while emphasizing user responsibility for strong, unique passwords across platforms.