A hacker from Mauritania says he has gained access to a substantial trove of Twitter login details, which he has published online. The haul doesn’t include passwords, but now would be a good time to revoke the access of third-party apps to your Twitter account (before re-establishing that access as needed).
The hacker, who goes by the name of Mauritania Attacker, leaked just over 15,000 account details early on Tuesday through the file-sharing service Zippyshare. However, the Indian security site Techworm said it had interviewed him, and he apparently claimed to have access to the “entire database of users on Twitter.”
The plain-text file that Mauritania Attacker published included Twitter user IDs and the associated OAuth tokens that are used to connect Twitter accounts to third-party services without having to reveal the user’s password to those services. However, this information in itself can help miscreants gain limited access to people’s accounts if they run the right script.
It is not clear right now whether Mauritania Attacker did actually get these details from Twitter’s systems or whether he hacked into a third-party service that connects to people’s Twitter accounts. It is far more likely that he hacked a third party — the alternative would be that he broke into Twitter’s authentication server, which is “possible but unlikely,” security expert Alan Woodward, of the University of Surrey in the UK, told me.