Slashdot Mirror


55,000 Twitter Accounts Hacked, Passwords Leaked

MojoKid writes "Tens of thousands of Twitter accounts have been compromised in a recent hack attack in which more than 55,000 passwords were leaked and posted to Pastebin by anonymous hackers. Most of the accounts supposedly belonged to spammers, and there were many duplicate entries, Twitter officials pointed out. However, to play it safe, you should probably change your Twitter password ASAP."


  1. Re:Bad Systems Design? by jhoegl · · Score: 4, Funny

    Nah, they just tried "12345" on all the accounts.
    I think they saw it in a movie once.

  2. Not just Twitter by Anonymous Coward · · Score: 4, Insightful

    How many people use the same password on several services?

  3. Update: No recent hack, just repackaged old data by Kelson · · Score: 5, Informative

    From CNet's article:

    After Lamo and others found that at least some of the alleged account data had been posted on the Web last year and speculated that the list appeared to be compiled from various sources, including spam accounts, Twitter provided CNET this statement when asked for comment: "We've looked into this and can confirm that Twitter was not compromised. For extra precaution, yesterday, we pushed out password resets to accounts that may have been affected."

  4. As pointed out in several other places... by spec8472 · · Score: 5, Informative

    There is no evidence Twitter themselves were "hacked".
    This is likely the password file from a spambot c&c network.

    All* the twitter accounts shown follow the same naming and password rules. This is not typical of how a random selection of users would set up their account.
    In addition all/most of these accounts are or were suspended (typically this is for spam).

    * I may have missed one, but given several others point out the same...

    Ref: Reddit: 55.000+ Twitter usernames and passwords leaked

  5. looks like pretty low-value accounts by Trepidity · · Score: 4, Informative

    A huge number of the account names and passwords look clearly auto-generated. I would guess it's not a "real" leak of actual users' data, but a compromise of some spammer's twitter-bot farm.

    I mean, this is not what a leak of regular Twitter-user u/p would look like:

    Idellcfipt:E7QkDx28
    Yiqafky:A417tSFv
    Mi_deq:15j6onel

    1. Re:looks like pretty low-value accounts by Fwipp · · Score: 5, Funny

      I agree, clearly not real people. Those passwords are way too strong.

    2. Re:looks like pretty low-value accounts by NoEvidenZ · · Score: 5, Informative

      That's absolutely what I thought.

      The list starts off strong with roughly 5000 script generated accounts. The usernames and passwords are just too obviously random to be real.

      It looks like it then goes on to some phished accounts.

      Also looks like a large amount are duplicates.

  6. Why the hell would twitter even KNOW my password? by CFD339 · · Score: 3, Interesting

    Well managed sites do not store your password. They store an encryption HASH of your password. When you type in your password, they use the same routine to HASH what you type in and compare the hashes. You cannot go backward from a hash to a password (well, not a modern hash, and not with a password that isn't a simple common word). There is no excuse for a web site to actually have a stored copy of your actual password anywhere in their systems.

    --
    The problem with quotes on the internet, is that nobody bothers to check their veracity. -- Abraham Lincoln

  7. Re:Why the hell would twitter even KNOW my passwor by EvanED · · Score: 4, Insightful

    Good thing these passwords weren't obtained by attacking Twitter's servers directly then.

  8. Caring about it by fizzer06 · · Score: 3, Funny

    Try as hard as I can, still don't care about twits and their tweets.

  9. Re:Update: No recent hack, just repackaged old dat by deblau · · Score: 3, Interesting

    Oh dear, is this the same Adrian Lamo who turned in Bradley Manning over the Wikileaks incident?

    http://www.wired.com/threatlevel/2011/07/manning-lamo-logs/

    I don't know why anyone would ever talk to this guy again for the rest of his life.

    --
    This post expresses my opinion, not that of my employer. And yes, IAAL.

  10. And nothing of value was lost by the eric conspiracy · · Score: 3, Interesting

    Seems to me it's more likely that somebody now owns the Twitter password server and is now trying to get everyone to change their password so he'll have all the twitter user passwords.

    Hello, FBI, is that you??

  11. Re:Why the hell would twitter even KNOW my passwor by danlip · · Score: 3, Interesting

    Salted and hashed. Without salt you can use rainbow tables to reverse the hash. But you're right, they shouldn't be storing it anywhere or using reversible encryption.

  12. Re:Think I was hit by Cinder6 · · Score: 3, Funny

    Thanks for the suggestion, but that just showed up as a bunch of asterisks for me. (Maybe that would be a good password?)

    --
    If you can't convince them, convict them.