Yesterday there were some reports and a bit of evidence that Twitter had been compromised by an attacker.
Going by the moniker the “Mauritania Attacker”, this hacker claimed he had access to Twitter’s database, and leaked thousands of usernames and OAuth keys to prove it.
On Twitter.com you can manage 3rd party access to your account.
Now the social networking giant has gone on the record with The Guardian and the company states clearly that no accounts have been compromised. Even though the hacker claimed to have access to Twitter’s own database, which would have been a very serious breach of security, it’s now clear that the person behind the attack only managed to compromise a 3rd party Twitter app.
There’s also the fact that the leaked usernames were for all intents and purposes public knowledge, while the leaked OAuth keys are not enough to fully compromise an account. At most they can be used in a future attack.
Users still concerned for their accounts can take the extra step of revoking access to the third party apps they have connected to Twitter and then re-authorize them. This will force a new token and the old one will become worthless.
Source: The Guardian
3 Comments - Add comment