Hackers Post Thousands of Twitter Account Logins

Wednesday, May 09, 2012



Reports indicate that thousands of Twitter usernames and passwords have been posted via Pastebin.

Analysis of the data dump indicates that of the fifty-five thousand sets of account logins, around twenty thousand were duplicates, and a large percentage were associated with accounts that had already been suspended for violations of the terms of service.

Many of the username and password combinations were also incorrectly matched, making them useless for breaching an account.

It is unclear how many of the posted login credentials were in fact a threat to the account holders, but Twitter officials stated that they "have pushed out password resets to accounts that may have been affected."

Users should be wary that scammers may take this opportunity to send out false notifications containing links to malware, or to try to get unsuspecting targets to reveal their usernames and passwords.

Twitter is taking the breach seriously, in part due to an agreement with the FTC made late in 2011 that mandates that the company “must establish and maintain a comprehensive information security program, which will be assessed by an independent auditor every other year for 10 years.”

The company faces the possibility of substantial fines for each violation of the FTC agreement.

Further complicating matters, Twitter is currently fighting a subpoena to release account information associated with Occupy Wall Street protester Malcolm Harris.

The company maintains that all tweets remain the property of the account owner per the terms of service, and argued to the court that “the Order imposes an undue burden on Twitter by forcing it to violate federal law.”

Harris also sought to have the subpoena thrown out, an attempt that was subsequently denied in late April, with the court stating “the defendant does not have standing to quash the subpoena.”

The American Civil Liberties Union (ACLU) has sided with both Harris and Twitter, asserting that the subpoena represents a violation of a user's privacy rights.

“If Internet users cannot protect their own constitutional rights, the only hope is that Internet companies do so. Twitter did so here, and Twitter should be applauded for that. We hope that other companies will do the same thing. Our free speech rights may depend on it,” the ACLU stated.

Source: http://www.infosecurity-magazine.com/view/25659/twitter-fights-two-information-security-battles

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.