Los Angeles -- In a shocking turn of events that shook the popular micro-blogging outfit in a massive security breach that has led to more than 55,000 Twitter accounts--including username and password combinations exposed online. According to AirDemon, accounts belonging to celebrities were attacked in the process.
By the way, it was not immediately apparent as to who is responsible for posting passwords for Twitter accounts to a public Web site, besides the exact number of accounts is also unclear, as Twitter says many are duplicates and many had already been suspended.
However, hackers professing to be affiliated with the hacktivist group Anonymous claimed this week to have accessed and published the details of about 55,000 Twitter accounts. But Twitter said Tuesday those claims are largely bogus, and that the group mostly posted duplicate information or username and password information for suspended spam accounts.
The micro-blogging outfit said that it is investigating the issue of what appears to be thousands of user account passwords and e-mail addresses.
“We are currently investigating the situation. In the meantime, we have pushed out password resets to accounts that may have been affected,” Twitter spokesman Robert Weeks said informed CNET via an e-mail. “For those who are concerned that their account may have been compromised, we suggest resetting your passwords and more in our Help Center.”
Surprisingly, an anonymous Pastebin user listed five extremely long pages of alleged Twitter usernames and passwords to the text storage site on Monday. (Here are the hacked pages one, two, three, four and five.) These pages have racked up thousands of views, implying that the accounts could have already been compromised. If you see any funny tweets in your stream, this might be why.
Besides, the hacking news aggregator Airdemon.net reported the supposed breach on Tuesday, beginning to ignite speculation around the web of a massive successful attack on Twitter's servers. Airdemon further said that mostly celebrity accounts were among those compromised, and also claimed to have information from a “Twitter insider” confirming the attack.
“It is also worth noting that, thus far, we have discovered that the list of so-called accounts and passwords found on Pastebin consists of more than 20,000 duplicates, many spam accounts that have already been suspended, and many log-in credentials that do not appear to be linked (that is, the password and username are not actually associated with each other),” he said.
In fact, the list does seem a bit strange, with many passwords that seemed to be robust, and a separation between e-mail addresses and user IDs that hacker Adrian Lamo noted on Twitter was not representative of a typical password dump.
Equally, Twitter has to acknowledge that while the vast majority of its 140 million users are legitimate, the site still has a large proportion of fake accounts and those that tweet vast amounts of spam to its users.