A hacker has claimed to have access to “the entire database of users on Twitter”, warning that “no account is safe”. He has leaked 15,000 account details via a file-sharing service as “proof” of his claims - although experts are skeptical, and Twitter says no accounts are at risk.
The hacker, who styles himself the “Mauritania attacker”, claimed in an interview with an Indian security site, Techworm, that he had access to Twitter’s “entire database”.
The account details which he leaked on Zippyshare included OAuth tokens, rather than passwords, which suggested, according to GigaOm, that he had hacked a third-party app rather than Twitter itself.
"The details, which appear to be genuine, do not include passwords," GigaOm’s David Meyer wrote. "They do include OAuth tokens, though, so Twitter users should probably revoke and re-establish access to connected third-party apps."The tokens are used to connect Twitter accounts to third-party services without requiring passwords.
A Twitter spokesman, speaking to Mashable, said, ""We have investigated the situation and can confirm that no Twitter accounts were compromised." The spokesman said that the third-party app responsible had already been suspended.
GigaOm’s Meyer spoke to security expert Alan Woodward, of the University of Surrey who said that the tokens might allow attackers to Tweet under other people’s names.