Establishing Digital Trust: Don't Sacrifice Security for Convenience
Hacker group LulzSec Reborn recently published login credentials for approximately 10,000 users of the Twitter GIF-sharing app TweetGif.
"LulzSec Reborn claims to be a resurrected form of LulzSec, which came to notoriety last year for high-profile attacks on US corporations and State departments," writes SiliconRepublic's John Kennedy.
"The file contained an unusually detailed trove of information on each member: usernames, passwords, real names, locations, bios, avatars, secret tokens used to authenticate TweetGif to pull Twitter data, and even their last tweet," writes PCMag.com's Sara Yin. "The hackers' motivations are unclear at this point; an announcement posted on Pastebin merely linked to a destination for people to download the .SQL file."
"TweetGif is a service that allows registered users to post animated Gifs on their Twitter feed," writes TechSpot's Shawn Knight. "The catch is that they have to provide their Twitter login information for the service to work, not unlike many other third party social network applications that have faced security issues. The service itself is rather small with less than 75,000 visitors globally and fewer than 700 followers on the company’s Twitter account."
In a statement e-mailed to SecurityNewsDaily, however, a Twitter spokesman said no passwords were compromised. "We can confirm that all Twitter account passwords have remained secure, and no breach of our systems has occurred in connection with the events experienced by TweetGif. Regarding how TweetGif was compromised, we can't speak on their behalf. Since this application used OAuth, no user passwords were exposed."