LulzSec Reborn Leaks 10,000 Twitter User Passwords After Using TweetGif Application [securitywatch.pcmag.com]
LulzSec Reborn, the so-called redux of disbanded hacker group LulzSec, leaked around 10,000 Twitter usernames and passwords of members who used TweetGif, an animated Gif-sharing application.
The file contained an unusually detailed trove of information on each member: usernames, passwords, real names, locations, bios, avatars, secret tokens used to authenticate TweetGif to pull Twitter data, and even their last tweet. The hackers' motivations are unclear at this point; an announcement posted on Pastebin merely linked to a destination for people to download the .SQL file.
An update from Twitter:
"We can confirm that all Twitter account passwords have remained secure, and no breach of our systems has occurred in connection with the events experienced by TweetGif. Regarding how TweetGif was compromised, we can't speak on their behalf.
Since this application used OAuth, no user passwords were exposed;
If this was an OAuth-using app then the passwords shouldn't have been disclosed. A lot of the other information gathered is spooky though. It makes me think twice about approving apps these days.
"It makes me think twice about approving apps these days."
That's the same route I've taken, too. It's too easy to approve an app, but, really, I ask myself, do I really need it?
People are so used to allowing apps access to all kinds of data that they become desensitized.