Has your Twitter account been hacked? An anonymous hacker has leaked the email addresses and passwords of 55,000 accounts. But Twitter says many are 'spam accounts.' In IT Blogwatch, bloggers work out what really happened.
By Richi Jennings: Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Swapping dog poop for Wi-Fi...
Jeremy Kirk goes, boldly:
The logins and passwords were published Monday on Pastebin, a website...favored by hackers to release stolen data. The data...compris[es] 58,978 login and password combinations.
...Some users will be asked to reset their passwords, while other users...are encouraged to change their passwords, [a Twitter] spokesman said.
Mike Isaac adds important detail:
Someone claiming to be affiliated with the “Anonymous” hacker movement posted [this] to Pastebin.
...A Twitter spokesperson...pointed out that nearly half...are duplicates and spam accounts.
And Dutch bloggers Manuela and Robert St Barthelemy are shocked:
It was very shocking to see such a massive number of Twitter accounts are hacked [including] celebrity accounts.
Unbelievable that Twitter isn’t taking any necessary steps to keep its users' data safe. ... All they need to do is to add a password strength checker...[to] guide the users to create a strong password.
...To check if your account is hacked, go through these...pages ( page 1 | page 2 | page 3 | page 4 | page 5 )...to find your account easily just by using...CTRL+F and type your email id.
But Zack Whittaker finds the data fascinating:
Many of the accounts however appear to be associated with ‘bot’ users.
Speculation has already erupted as to the source of the breach. ... Based on the number of ‘spam’ accounts listed...it would not [be] a massive surprise to learn that a third-party breach may have led to the disclosure.
...Twitter has become a short-message haven...for spammers and bots that [tweet] malicious links to tempt ordinary users into downloading malware. ... [M]any ordinary users notice spam on a daily basis. ... Twitter has to acknowledge that...the site still has a large proportion of fake accounts.
Meanwhile, Chuck McManis "randomly speculates":
[W]hat if this was a white hat operation? We have seen that folks who uncover botnets are in a weird place...if they take them out they can be accused of violating the CFA but if they leave them in place, the world stays sucky. So what to do?
...A white hat can 'leak' all of the spam accounts, which engages Twitter's customer relations team, which disables all the accounts...and 55,000 spam accounts go dark.
Richi Jennings is an independent analyst/consultant, specializing in blogging, email, and security. He's the creator and main author of Computerworld's IT Blogwatch, for which he has won ASBPE and Neal awards. He also writes The Long View for IDG Enterprise. A cross-functional IT geek since 1985, you can read Richi's full profile and disclosure of his industry affiliations.