Mauritania Attacker leaked thousand of twitter Accounts credentials today, which was hijacked from twitter.
The Account leaked is up for download on file sharing service of Zippyshare. all the account leaks are in plain text format.
The leaked data contains twitter id, twitter nickname, oauth_token, oauth_token secret codes. which can be used to login to the victim’s account.
Hacker also added a guide on how to use oauth_token to login into the account -which can be done easily with the use of tamper data.
As of now, Mauritania Attacker has leaked about 15167 account details. but in a conversation with Techworm, he confirmed that he has access to the entire database of users on twitter and no account is safe from him, maybe he will leak more account credentials in the coming future.
Now the big question that arises to every twitter account holder is that are they safe on twitter any more, I guess they aren’t anymore.
I think, it is easy to control this situation. Twitter just has to change Auth/Secure token algorthm a little bit so tokens/keys that stolen doesn't work anymore i guess? Of course, if only if these entrys undecodable.
This comment has been removed by a blog administrator.
Every single account on Twitter that is a lot of data…password change me thinks
To mathew, this is not password. Also I think tokens connot be decoded. So a little change on encode/decode algorthm secure whole database again. After that Twitter can works on what it wrong with their security
if the database has been hacked , a password wont do a damned thing
This comment has been removed by a blog administrator.
And thats why people don't mess with hackers except poltics and haters.
Congratulations excellent hack
This comment has been removed by a blog administrator.
I wonder if this Twitter vuln has anything to do with it https://coderwall.com/p/mevftw
HOAX! This is just wrong.
HOAX of course…………….<br />
Look at what he's posted, it's just OAuth tokens. All this guy did was attack one Twitter app, he didn't hack Twitter itself. Lies.
Oh no. A blogger said twitter isn't safe anymore. That must mean twitter isn't safe any more. <br /><br />*deletes system32 just to be safe(r)*
seems like most accounts are from turkish users…
A third party was compromised, not Twitter. Furthermore, those oauth tokens/secrets are 2 sections of a 4 part authentication model over the Twitter REST API. Without the consumer token & secret they are rendered useless.
This comment has been removed by a blog administrator.
I guess it is just a fake one 😀 <br /><br />i found so many duplicates and most of the accounts are turkish :/
Lot of laugh.! 😛 joke of the century,