The accounts, which “were associated with a specific piece of spam,” may have been compromised, Pinterest acknowledged. But the company blamed recent leaks of user log-in credentials from other websites, rather than a data breach of its own.
“We suspect this spam may be related to the recent leaks of credentials from other sites, which serves as an important reminder [for users] to have unique logins and passwords” for every site they use, a Pinterest representative said over email.
The most public recent incidents of leaked credentials involved LinkedIn and Yahoo. Roughly 6.5 million encrypted LinkedIn account passwords were posted online in early June, and 450,000 log-in credentials from Yahoo and other companies were exposed last week.
Pinterest began posting on July 10 advice to users in its help forum about reinstating locked accounts, which was first reported on TechCrunch.
On Monday, Pinterest asked users whose accounts had been locked to respond to a survey. The survey has since been removed, but the LLSocial blog noted that it did not include questions about LinkedIn or Yahoo accounts. Rather, it asked about email, Facebook and Twitter accounts and third-party Pinterest apps, according to LLSocial.
But Pinterest appears to have gotten the answers it needed. The company is now working on re-activating the accounts in question, it said.
Cameron Scott covers search, web services and privacy for The IDG News Service. Follow Cameron on Twitter at CScott_IDG.