It’s unclear what happened, but a list of thousands of Twitter usernames and passwords has been published on Pastebin. The tip-off about the hack came from Airdemon, which attributes the attack to lowercase-a “anonymous hackers.” The post, in addition to linking the Pastebin pages, recommends users check for their own names, and suggests Twitter’s lack of security is to blame for the leak. Twitter has pushed out password updates to affected accounts and notes that many of the accounts listed are duplicates, or spam bots that have already been suspended.
Twitter’s response to the whole incident, as told to CNET, is as follows:
“We are currently looking into the situation. In the meantime, we have pushed out password resets to accounts that may have been affected. For those who are concerned that their account may have been compromised, we suggest resetting your passwords and more in our Help Center.
It’s worth noting that, so far, we’ve discovered that the list of alleged accounts and passwords found on Pastebin consists of more than 20,000 duplicates, many spam accounts that have already been suspended, and many log-in credentials that do not appear to be linked (that is, the password and username are not actually associated with each other)”
If you were affected, chances are you would know by now, but if you’re feeling a little paranoid and want to check, Martin Wittmann has whipped up a handy little tool that makes it a piece of cake. While having a strong password may not have actually helped you avoid being involved in this particular dump, which seems to have gone beyond brute-forcing, incidents like this still make a good reminder to use strong passwords, and also to change them often. In fact, I think I’ll go change mine right now. You’d be wise to do the same.
- Twitter standing up for user rights
- Twitter waging war against spammers
- Geekosystem editors going completely insane on Twitter (ongoing and perpetual)