Hacker Claims Leak Of 15k Twitter Account Details

A hacker claims to have leaked account details of 15,000 Twitter users, saying they could be used to hijack profiles.

The Mauritania Attacker appears to have published Twitter IDs, handles and OAuth token information, used by third-party applications to access accounts without requiring a password. Using such data, hackers can spy on Twitter users’ private communications, but it is unlikely a full account takeover could take place.

He took to Zippyshare to dump the data, telling Indian site Techworm that no account was safe as he had access to a database of information he could use to access profiles.

Twitter hacks incoming?

Twitter said it was looking into the matter. A source with knowledge of the matter said “it currently seems very unlikely that the individual’s claim of having access to all Twitter accounts is valid”.

It is likely a third-party has been breached, if the leaked credentials are genuine. Users are advised to revoke any third-party apps that have access to their Twitter feed and then re-establish any ones they want to keep, thereby creating fresh OAuth tokens.

Mauritania Attacker came to the public’s attention in June, when Reuters profiled the self-professed non-extremist Islamic hacker. He forged a team called AnonGhost, defending the “dignity of muslims”.

That same team was one of the chief organisers of OpUSA, defacing a large number of websites but causing limited damage otherwise.

What do you know about Internet security? Find out with our quiz!