The information was uploaded Tuesday to the Zippyshare website as a 3.7 MB “twitter-accounts.txt” file. In an interview with Techworm, the Mauritania-based hacker said he compromised “the entire database of users on Twitter” and that “no account is safe.”
The hacker also claims to have more stolen information and is reportedly deciding whether or not to release it. Although the information doesn’t include passwords, it does include Twitter IDs and links to profile pictures, as well as OAuth tokens, adopted by Twitter in 2010 to allow developers to create applications that can directly access Twitter without asking for a password.
Twitter says the system has not been compromised by the attack. Our take? It’s always better to be safe than sorry, which is why you should go ahead and revoke and reauthorize access rights for all third-party apps. Doing so invalidates the current OAuth tokens and causes new ones to be issued, which will help protect your account.
Just log in to your Twitter account, click Settings and then Apps. You’ll see a list of apps that can access your Twitter account. Hit Revoke Access next to each app.
You’ll then have to individually add the apps back to your Twitter account. It’s a pain, sure, but not as bad as having your account (or a client’s) hacked. And as an extra precaution, you might want to go ahead and change your Twitter password, too.
In the meantime, we’ll continue to keep you updated on the situation. After all, there’s never a dull moment on the interwebz!