garyopa
06-12-2012, 04:33 PM
However -and apparently- your passwords are safe.
http://www.maxconsole.com/maxconsole/contents/RKLS00000010170/icon_xl.jpg
Seems that LulzSec hackers posted data on about 8,100 Twitter users who used image sharing service 'TweetGif.'
Looks like another (http://www.maxconsole.com/maxcon_forums/showthread.php?189276-6.46-million-LinkedIn-Password-Hashes-leaked-Online!) big (http://www.maxconsole.com/maxcon_forums/showthread.php?189310-Dating-site-eHarmony-confirms-User-Passwords-were-compromised-too!) site (http://www.maxconsole.com/maxcon_forums/showthread.php?189311-Last.fm-warns-users-to-change-their-passwords-site-is-having-a-security-issue) had a "security issue" this month, however (and apparently) there's much less to worry about.
Yes, this time hacker group LulzSec Reborn has released "information" on about 8,100 Twitter users (described as 10,000 by the group) who used the image sharing service "TweetGif".
However, this 'hack' doesn't include any passwords or password hashes.
We found the file to be mostly public information like the names and locations displayed next to Twitter handles. More worrying is a list of token / secret pairs, which are used to authorize third parties like TweetGif to post to an account. However, these codes expire over time, and they can be revoked without any password changes by either the user or Twitter.
Twitter has confirmed that "no account passwords were leaked", and that the main website "was not compromised in this instance."
Here's their official statement:
We can confirm that all Twitter account passwords have remained secure, and no breach of our systems has occurred in connection with the events experienced by TweetGif. Regarding how TweetGif was compromised, we can't speak on their behalf.
Since this application used OAuth, no user passwords were exposed; for more information on why OAuth is our recommend[ed] connection method to grant an application access to your account, please see our help pages on Safety: Keeping Your Account Secure and How to Connect and Revoke Third Party Applications.
However, if you used that "service", would be a nice idea to change your password.
Also, ultimately, this is a proof that you should be extra careful with all those "third-party services" that you approve on your Twitter account.
You can check out the LulzSec leaked data on the PasteBin link below.
NEWS SOURCE #1: Lulzsec reborn Twitter tweetgif hack (via) TheVerge (http://www.theverge.com/2012/6/12/3080534/lulzsec-reborn-twitter-tweetgif-hack)
NEWS SOURCE #2: rCme2gpQ (via) PasteBin (http://pastebin.com/rCme2gpQ)
Our thanks to 'Gauss' for this news item!
http://www.maxconsole.com/maxconsole/contents/RKLS00000010170/icon_xl.jpg
Seems that LulzSec hackers posted data on about 8,100 Twitter users who used image sharing service 'TweetGif.'
Looks like another (http://www.maxconsole.com/maxcon_forums/showthread.php?189276-6.46-million-LinkedIn-Password-Hashes-leaked-Online!) big (http://www.maxconsole.com/maxcon_forums/showthread.php?189310-Dating-site-eHarmony-confirms-User-Passwords-were-compromised-too!) site (http://www.maxconsole.com/maxcon_forums/showthread.php?189311-Last.fm-warns-users-to-change-their-passwords-site-is-having-a-security-issue) had a "security issue" this month, however (and apparently) there's much less to worry about.
Yes, this time hacker group LulzSec Reborn has released "information" on about 8,100 Twitter users (described as 10,000 by the group) who used the image sharing service "TweetGif".
However, this 'hack' doesn't include any passwords or password hashes.
We found the file to be mostly public information like the names and locations displayed next to Twitter handles. More worrying is a list of token / secret pairs, which are used to authorize third parties like TweetGif to post to an account. However, these codes expire over time, and they can be revoked without any password changes by either the user or Twitter.
Twitter has confirmed that "no account passwords were leaked", and that the main website "was not compromised in this instance."
Here's their official statement:
We can confirm that all Twitter account passwords have remained secure, and no breach of our systems has occurred in connection with the events experienced by TweetGif. Regarding how TweetGif was compromised, we can't speak on their behalf.
Since this application used OAuth, no user passwords were exposed; for more information on why OAuth is our recommend[ed] connection method to grant an application access to your account, please see our help pages on Safety: Keeping Your Account Secure and How to Connect and Revoke Third Party Applications.
However, if you used that "service", would be a nice idea to change your password.
Also, ultimately, this is a proof that you should be extra careful with all those "third-party services" that you approve on your Twitter account.
You can check out the LulzSec leaked data on the PasteBin link below.
NEWS SOURCE #1: Lulzsec reborn Twitter tweetgif hack (via) TheVerge (http://www.theverge.com/2012/6/12/3080534/lulzsec-reborn-twitter-tweetgif-hack)
NEWS SOURCE #2: rCme2gpQ (via) PasteBin (http://pastebin.com/rCme2gpQ)
Our thanks to 'Gauss' for this news item!