Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Social Networks Twitter Technology

55,000 Twitter Accounts Hacked, Passwords Leaked 66

MojoKid writes "Tens of thousands of Twitter accounts have been compromised in a recent hack attack in which more than 55,000 passwords were leaked and posted to Pastebin by anonymous hackers. Most of the accounts supposedly belonged to spammers, and there were many duplicate entries, Twitter officials pointed out. However, to play it safe, you should probably change your Twitter password ASAP."
This discussion has been archived. No new comments can be posted.

55,000 Twitter Accounts Hacked, Passwords Leaked

Comments Filter:
  • Not just Twitter (Score:4, Insightful)

    by Anonymous Coward on Wednesday May 09, 2012 @06:40PM (#39948759)

    How many people use the same password on several services?

  • This'll teach you to disobey a direct order from the police. Get down on the ground.
  • >55,000 passwords were leaked

    Why am I not surprised?

    • Re: (Score:2, Funny)

      by Anonymous Coward

      I certainly am surprised. I thought they had more than 55,000 users. Maybe there are only 55,000 unique passwords amongst their users?

  • by Kelson ( 129150 ) * on Wednesday May 09, 2012 @06:41PM (#39948773) Homepage Journal

    From CNet's article [cnet.com]:

    After Lamo and others found that at least some of the alleged account data had been posted on the Web last year and speculated that the list appeared to be compiled from various sources, including spam accounts, Twitter provided CNET this statement when asked for comment: "We've looked into this and can confirm that Twitter was not compromised. For extra precaution, yesterday, we pushed out password resets to accounts that may have been affected."

    • Re: (Score:3, Interesting)

      by deblau ( 68023 )

      Oh dear, is this the same Adrian Lamo who turned in Bradley Manning over the Wikileaks incident?

      http://www.wired.com/threatlevel/2011/07/manning-lamo-logs/ [wired.com]

      I don't know why anyone would ever talk to this guy again for the rest of his life.

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        Oh dear, is this the same Adrian Lamo who turned in Bradley Manning over the Wikileaks incident?

        http://www.wired.com/threatlevel/2011/07/manning-lamo-logs/ [wired.com]

        I don't know why anyone would ever talk to this guy again for the rest of his life.

        I'd talk to him. He reported an Intelligence officer with access to sensitive information who was planning on leaking it because he was pissed off about the military's policy towards homosexuals. If you bother to read the conversations it's pretty fucking obvious that Manning had an axe to grind, went into the systems and dug up any and all information he thought might make the military look bad, and then leaked it. After the fact, he tried to claim that he was "blowing the whistle" on supposed war crimes w

  • by spec8472 ( 241410 ) on Wednesday May 09, 2012 @06:42PM (#39948789) Homepage

    There is no evidence Twitter themselves were "hacked".
    This is likely the password file from a spambot c&c network.

    All* the twitter accounts shown follow the same naming and password rules. This is not typical of how a random selection of users would set up their account.
    In addition all/most of these accounts are or were suspended (typically this is for spam).

    * I may have missed one, but given several others point out the same...

    Ref: Reddit: 55.000+ Twitter usernames and passwords leaked [reddit.com]

    • Unless they're hashes of some kind (though they don't appear to be md5, sha, etc). Either way, the usernames themselves look like bot names.
    • This is likely the password file from a spambot c&c network.

      You're reaching. A lot of the accounts/passwords are things like:

      andre@someplace.com:andre
      somebraindeaduser@somewhere:123456789

      Once you get past the spam accounts, there's a lot of what looks like valid user accounts with weak passwords.
  • by Trepidity ( 597 ) <[delirium-slashdot] [at] [hackish.org]> on Wednesday May 09, 2012 @06:54PM (#39948873)

    A huge number of the account names and passwords look clearly auto-generated. I would guess it's not a "real" leak of actual users' data, but a compromise of some spammer's twitter-bot farm.

    I mean, this is not what a leak of regular Twitter-user u/p would look like:

    Idellcfipt:E7QkDx28
    Yiqafky:A417tSFv
    Mi_deq:15j6onel

    • by Fwipp ( 1473271 ) on Wednesday May 09, 2012 @07:10PM (#39949019)

      I agree, clearly not real people. Those passwords are way too strong.

      • by Anonymous Coward
        Have some strength measure here: http://xkcd.com/936/ [xkcd.com] Seriously? :P
      • Well, looks like people have a list of 55,000 strong passwords to choose from now.

        People who have memorization issues should start with perhaps a weaker password, then make it longer over time. I don't think password aging is a good idea as people will just choose weak passwords slightly modifying them each time.

        A six digit, easy-to-read captcha seems like it should be easy for spammers to crack. Maybe twitter should require account verification using a mobile phone number? With no more than one account cre

    • by NoEvidenZ ( 807374 ) on Wednesday May 09, 2012 @07:13PM (#39949043)
      That's absolutely what I thought.

      The list starts off strong with roughly 5000 script generated accounts. The usernames and passwords are just too obviously random to be real.

      It looks like it then goes on to some phished accounts.

      Also looks like a large amount are duplicates.

  • Wait. (Score:1, Offtopic)

    by DoninIN ( 115418 )
    So you're saying that the stupid txt broadcast company with the fadish technology and the fail whale... Wait, how is this even news?
  • Maybe it's just a coincidence but I checked my twitter account and couldn't log in, had to reset my password. Damn now I need to find a password other than 12345, BTW could you pass the Peri-Air?

  • Well managed sites do not store your password. They store an encryption HASH of your password. When you type in your password, they use the same routine to HASH what you type in and compare the hashes. You cannot go backward from a hash to a password (well, not a modern hash, and not with a password that isn't a simple common word). There is no excuse for a web site to actually have a stored copy of your actual password anywhere in their systems.

  • Not to be a curmudgeon, but does twitter really contribute anything to the world?

    • Not to be a curmudgeon, but does twitter really contribute anything to the world?

      Where else ya gonna go to get your password hacked?

    • Absolutely. Sure, if you want to follow a random selection of users then you're just going to get lots of updates on what people are having for lunch, but the trick is to follow people you find interesting. I mostly follow people involved in physics, maths, science writing and a few other topics I'm interested in. It's essentially a news feed if you get it right, I first heard about CERN's "super-luminal neutrinos" through Twitter.

      Yes, there's a lot of noise (just try reading the "raw" feed if you want
    • It's a great way to catch breaking news if you don't sit in front of a TV all day. Yesterday would be a prime example, glancing down at my phone on an afternoon smoke break to find out the president had announced his support of same-sex marriage. It was a good hour or so before that had made its way through the major news sources. You can find accounts for everything from local news, to your state-level organizations and agencies, to specific committees in congress or the house.
  • by fizzer06 ( 1500649 ) on Wednesday May 09, 2012 @08:09PM (#39949429)
    Try as hard as I can, still don't care about twits and their tweets.
  • by the eric conspiracy ( 20178 ) on Wednesday May 09, 2012 @09:41PM (#39949985)

    Seems to me it's more likely that somebody now owns the Twitter password server and is now trying to get everyone to change their password so he'll have all the twitter user passwords.

    Hello, FBI, is that you??

  • "Fight us over our subpoenas? Fine, you have 'Chinese' hackers eating you now."

  • Or at least not directly hacked from Twitter.

    If you look at the logins [airdemon.net] there is a mix of usernames and email addresses. Since Twitter lets you login using either your twitter handle or email address, it looks as if these were somehow keylogged or otherwise hijacked, as opposed to Twitter being hacked.

    • 34064 unique pairs of usernames/passwords.

      About 1/2 (15834) are @hotmail

      (Yahoo and GMail each had about 2000-2200 occurences.)

      So possibly phished or keylogged.

      Or hotmail is a lot more popular then we realize.
  • Wouldn't it be simpler to just post a story on the days when skateboardface & his lackeys don't fuck something up?

"An idealist is one who, on noticing that a rose smells better than a cabbage, concludes that it will also make better soup." - H.L. Mencken

Working...