Spam from compromised accounts on the photo-based social network Pinterest is popping up on other parts of the Web as well.


In a blog post, Sophos, a Web security firm, said it's not clear how the offending accounts were compromised but the computer security firm speculated that spammers may have gained access as a result of cross-site scripting or a drive-by download attack that exploited security vulnerabilities in Pinterest users' browsers.


The spam likely found its way onto other social networks when spammers came across user accounts that were linked to corresponding ones on sites like Facebook and Twitter. Some of the most popular social networks allow users to post to one site from one on another account, including Facebook, Twitter and Pinterest.


The spam came in the form of posts and tweets that read "Omg this is so cool!" or "Can't wait for more!" with links back to the original spam on Pinterest. The actual Pinterest posts promote "make money at home" and "get paid for your opinion" schemes.


The San Francsico-based image-heavy site has taken down many of the spam posts, which expressly violate the community's terms of use, but some are still viewable.


Once each user discovered their account had been breached, they took to the same sites the spam appeared on to express their displeasure and apologize.


"Ummmmm. Not happy with #pinterest. Just saw a bunch of tweets from me that I didn't send. #spam Sorry folks!" tweeted Rich Lisney under the handle @WelshFyr.


Launched in March of 2010, Pinterest is still relatively new, but already no stranger to spammers. In March, spammers used the site to blast ads for weight loss products and dietary supplements.


Related on SecurityNewsDaily:



This story was originally written for SecurityNewsDaily and was reprinted with permission here. Copyright 2012 SecurityNewsDaily, a TechMediaNetwork company. All rights reserved.