55,000 Twitter Accounts Hacked, Passwords Leaked
MojoKid writes "Tens of thousands of Twitter accounts have been compromised in a recent hack attack in which more than 55,000 passwords were leaked and posted to Pastebin by anonymous hackers. Most of the accounts supposedly belonged to spammers, and there were many duplicate entries, Twitter officials pointed out. However, to play it safe, you should probably change your Twitter password ASAP."
Why the hell would Twitter even KNOW my password? (Score:3, Interesting)
Well-managed sites do not store your password. They store an encryption HASH of your password. When you type in your password, they use the same routine to HASH what you type in and compare the hashes. You cannot go backward from a hash to a password (well, not a modern hash, and not with a password that isn't a simple common word). There is no excuse for a web site to actually have a stored copy of your actual password anywhere in their systems.
Re:Update: No recent hack, just repackaged old dat (Score:3, Interesting)
Oh dear, is this the same Adrian Lamo who turned in Bradley Manning over the Wikileaks incident?
http://www.wired.com/threatlevel/2011/07/manning-lamo-logs/
I don't know why anyone would ever talk to this guy again for the rest of his life.
And nothing of value was lost (Score:4, Interesting)
Seems to me it's more likely that somebody now owns the Twitter password server and is now trying to get everyone to change their password so he'll have all the Twitter user passwords.
Hello, FBI, is that you??
Re:Why the hell would twitter even KNOW my passwor (Score:4, Interesting)
Salted and hashed. Without salt you can use rainbow tables to reverse the hash. But you're right, they shouldn't be storing it anywhere or using reversible encryption.
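An added example, not part of the thread or any commenter's code: the store-a-hash-and-compare scheme and the salting point from the comments above, sketched in Python. PBKDF2-HMAC-SHA256, the iteration count, the record layout and the sample passwords are assumptions chosen for illustration, not a description of Twitter's systems.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed parameters for this example only.
PBKDF2_ITERATIONS = 200_000
SALT_BYTES = 16

def unsalted_hash(password: str) -> str:
    """Plain hash: the same password gives the same value for every user,
    which is what makes precomputed (rainbow) tables usable."""
    return hashlib.sha256(password.encode()).hexdigest()

def make_record(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'iterations$salt_hex$hash_hex'; the password itself is never stored."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"{PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"

def verify(password: str, record: str) -> bool:
    """Run the same routine on the typed password and compare the hashes."""
    try:
        iterations, salt_hex, hash_hex = record.split("$")
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), salt, int(iterations))
    except ValueError:
        return False  # malformed record: fail closed
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected)

def demo() -> dict:
    # Constructed sample: two users who happened to pick the same password.
    alice_pw = bob_pw = "correct horse battery staple"
    alice, bob = make_record(alice_pw), make_record(bob_pw)
    return {
        "unsalted_identical": unsalted_hash(alice_pw) == unsalted_hash(bob_pw),
        "salted_identical": alice == bob,
        "login_ok": verify(alice_pw, alice),
        "wrong_password_rejected": not verify("hunter2", alice),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```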