Twitter was hacked (again) but this time, the consequences could be pretty broad.
A few reports floating around online today (mostly on tech sites right now) say that Twitter has been compromised by an Islamist hacker who goes by the name “Mauritania Attacker.” He has leaked 15,167 account details, including Twitter IDs, handles, oauth_token, and oauth_token secret codes, which can be used to log in to someone’s account.
They’re all up for download in plain text format on the file sharing site Zippyshare.
So why is your account screwed? Indian security site Techworm claims that they spoke with the Mauritania Attacker, who said that he had access to the “entire database of users on Twitter” and that he may “leak unlimited accounts credentials in the coming future.”
How Does The Twitter Hack Affect You?
Passwords haven’t been leaked, so it’s not like just anyone can get into your account if your information is out there. But what was leaked is a good chunk of information for anyone who does hack accounts. By running the right script, a hacker could use this information to get limited access to your Twitter account.
What You Can (Should) Do:
Gigaom spoke to security expert Alan Woodward this morning, who offered the following bit of advice:
“Personally, I do regular housekeeping where I go into the Apps settings of Twitter and delete the third party apps that have access. The reason is that at present Twitter OAuth tokens once issued do not expire. You have to manually revoke them… So, I think best thing one could [do] is to go in and revoke third party’s apps rights and then just relogin when/if you want to reaccess Twitter via that app. This way a new token will be issued.”
You can also turn on two-step login verification. This simple process is outlined here.
Despite the immediate associations, the Mauritania Attacker doesn’t seem to be involved with the Syrian Electronic Army, and even takes pride in being a “non-extremist” hacker. He may have closer ties to Anonymous, as he is the founder of the AnonGhost collective, which has defaced domains belonging to American and British firms in the oil industry over the past year.
Twitter has not yet released a statement on the hack. A spokesman said early this morning that they’re “currently looking into the situation.”