June 12, 2012 at 12:07 PM ET
The Twitter user names and authorization tokens of about 10,000 users of a popular Twitter app have been leaked to the public, thanks to the work of an Anonymous-affiliated hacking group.
On June 9, a posting on the document-hosting site Pastebin linked to a file containing the usernames of about 10,000 Twitter members who use TweetGif, an animated Gif-sharing application.
As PC Mag reported, the file also contained users' names, locations, bios, links to their avatars, the time of their last tweet and the secret tokens used by a protocol called OAuth to authorize TweetGif to pull Twitter data.
"We can confirm that all Twitter account passwords have remained secure, and no breach of our systems has occurred in connection with the events experienced by TweetGif," a Twitter spokesman told SecurityNewsDaily in an email. "Regarding how TweetGif was compromised, we can't speak on their behalf. Since this application used OAuth, no user passwords were exposed."
Taking credit for the hack and subsequent leak was LulzSec Reborn. A relatively new presence on the scene, LulzSec Reborn has claimed responsibility for only one high-profile hack, the March theft of 170,000 email addresses from the military dating site MilitarySingles.com.
LulzSec Reborn brands itself as a spinoff of the original LulzSec hacking group, although there is no way of knowing if it is affiliated with the prolific group of hackers, which disbanded last June after a 50-day stretch of wreaking mayhem.
Copyright 2012 SecurityNewsDaily, a TechMediaNetwork company. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.