55,000 Twitter Accounts Hacked, Passwords Exposed
By: Drew Bowling
Hackers appear to have successfully exposed the passwords of as many as 55,000 Twitter accounts yesterday, prompting the site to investigate how the security breach occurred.
The hack was first reported on the blog Airdemon.net, where it was said that "anonymous hackers" (note the lowercase: not the proper Anonymous, as in the hacktivist collective, though it's not clear whether that difference in capitalization was intentional) gained access to the accounts, some of which are said to belong to celebrities. The account information was so voluminous that it took five pages on Pastebin to share all of it.
According to CNET, Twitter is looking into the breach and has notified the affected accounts with instructions to reset their passwords.
Yesterday evening, Twitter, via the @twittercomms account, said that many of the accounts affected were duplicates or spam-ish.
Twitter Comms: "The list of alleged accounts & passwords consists of more than 20,000 duplicates. Also suspended spam accounts & incorrect login credentials"
After crunching the numbers and identifying the duplicate accounts shared on Pastebin, Anders Nilsson at Säkerhetsbloggen determined that the total number of actual accounts is 34,062 and that, of those, only 25,068 appear to be legitimate. He also suggests that a majority of the accounts appear to be associated with email addresses from Brazil, which would make sense: when I looked at the list of account info on Pastebin, my browser offered to translate the page into Portuguese. More interestingly, Nilsson also points out that yesterday's list of hacked accounts appears to consist of accounts that were hacked last summer.
So maybe Twitter's right to downplay this security breach and it's not really as threatening or legitimate as it first appeared to be. Do you think Twitter's responded appropriately, or should it be taking the matter a little more seriously? Think this situation is more hoax than actual hack?
Update: Even though the sentiment is pretty much summarized above, here is the official Twitter statement a spokesperson provided to WPN:
We are currently looking into the situation. In the meantime, we have pushed out password resets to accounts that may have been affected. For those who are concerned that their account may have been compromised, we suggest resetting your passwords and more in our Help Center.
It's worth noting that, so far, we've discovered that the list of alleged accounts and passwords found on Pastebin consists of more than 20,000 duplicates, many spam accounts that have already been suspended and many login credentials that do not appear to be linked (that is, the password and username are not actually associated with each other).
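The triage that Nilsson's count and Twitter's statement both describe (throwing out duplicate entries, counting the distinct accounts, and separating credentials that are actually linked to an account from those that are not) is routine incident-response work when a dump like this lands on Pastebin. The following is an added example, not code from the article, from Nilsson, or from Twitter. It parses a small constructed "email:password" list, reports duplicate and unique counts, tallies the email domain suffixes (the Brazil observation), and checks each dumped password against a constructed, deliberately simplified salted-SHA-256 user store to decide which accounts need a forced reset. A real service would use a proper password hash such as bcrypt or Argon2 and its own account database; the store, the entries and the passwords here are all made up.

```python
"""Triage of an alleged credential dump from a defender's side (added example).

All data below is constructed for illustration; no real accounts or passwords.
"""
import hashlib
import hmac
import re
from collections import Counter

# Constructed sample dump in the "email:password" form seen in such pastes.
# It deliberately contains duplicates, a junk line and an empty password.
SAMPLE_DUMP = """\
alice@example.com:hunter2
bob@example.com.br:senha123
alice@example.com:hunter2
carol@example.org:letmein
bob@example.com.br:senha123
dave@example.com.br:qwerty
this is not a credential line
erin@example.com:
"""

LINE_RE = re.compile(r"^([^:\s]+@[^:\s]+):(.*)$")


def parse_dump(text):
    """Return (identity, password) pairs for well-formed lines; skip junk and empty passwords."""
    pairs = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or not m.group(2):
            continue
        pairs.append((m.group(1).lower(), m.group(2)))
    return pairs


def summarize(pairs):
    """Raw entry count, how many are exact duplicates, and distinct account count."""
    unique_pairs = set(pairs)
    unique_accounts = {ident for ident, _ in pairs}
    return {
        "raw_entries": len(pairs),
        "duplicate_entries": len(pairs) - len(unique_pairs),
        "unique_accounts": len(unique_accounts),
    }


def domain_suffixes(pairs):
    """Count distinct identities by the part of the domain after its first label (e.g. 'com.br')."""
    counts = Counter()
    for ident in {ident for ident, _ in pairs}:
        domain = ident.rsplit("@", 1)[1]
        counts[domain.split(".", 1)[1]] += 1
    return dict(counts)


def _hash(salt, password):
    # Simplified stand-in for a real password hash; production code would use bcrypt/Argon2.
    return hashlib.sha256((salt + password).encode()).hexdigest()


# Constructed user store: identity -> (salt, digest). carol is not one of "our" users.
USERBASE = {
    "alice@example.com": ("s1", _hash("s1", "hunter2")),
    "bob@example.com.br": ("s2", _hash("s2", "something-else")),
    "dave@example.com.br": ("s3", _hash("s3", "qwerty")),
}


def classify(pairs, userbase):
    """Label each dumped identity as 'linked' (password is current), 'not_linked' or 'unknown'."""
    result = {}
    for ident, password in set(pairs):
        if ident not in userbase:
            result[ident] = "unknown"
            continue
        salt, digest = userbase[ident]
        if hmac.compare_digest(_hash(salt, password), digest):
            result[ident] = "linked"  # a valid pair overrides any earlier not_linked verdict
        else:
            result.setdefault(ident, "not_linked")
    return result


def reset_list(verdicts):
    """Accounts to push a password reset to: every one of ours that appears in the dump at all."""
    return sorted(ident for ident, v in verdicts.items() if v != "unknown")


if __name__ == "__main__":
    pairs = parse_dump(SAMPLE_DUMP)
    print(summarize(pairs))
    print(domain_suffixes(pairs))
    verdicts = classify(pairs, USERBASE)
    print(verdicts)
    print("force reset:", reset_list(verdicts))
```

Every account of ours that appears in the dump goes on the reset list, whether or not the dumped password is current, which matches Twitter's approach of pushing resets to accounts that "may have been affected"; the linked/not_linked split is what lets a response team say, as Twitter did, how many of the pairs were not actually associated with each other.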
Drew Bowling is a staff writer for SecurityProNews. He never met an all-you-can-eat buffet he didn't like.
Twitter: @bentfortherent Google: +Drew Bowling