This article was published on May 8, 2012

Hackers break into 55,000 Twitter accounts, leaving passwords bare

In a massive leak, some 55,000 Twitter accounts have been compromised, leaving them open for abuse. According to AirDemon, accounts belonging to celebrities were attacked in the process.

The leak is large enough that 5 PasteBin pages were required to host the list. I’m going to link to them, only so that you can see if you are among the hacked: one, two, three, four, five. The pages have racked up thousands of views, implying that the accounts could have already been compromised. If you see any funny tweets in your stream, this might be why.

According to initial reports, a ‘Twitter insider’ said the following [TNW has not verified this remark, so treat it appropriately]: “The micro blogging platform is aware of this hack and was taking necessary actions to save those people’s account from malicious activity.” I’m leery of the statement as I can’t imagine that anyone close to Twitter would call it a ‘micro blogging platform,’ but for now that is also conjecture.

TNW has reached out to Twitter for comment or confirmation.

TNW, after a glance through the lists, can state that many accounts present appear to be bot accounts, or at least have that look. Some, however, are not, containing passwords that are perfectly reasonable (connected to the name in the email address, and very breakable).

What can you do to protect yourself? Change your passwords regularly, and ensure that they are strong, employing capital letters, and both alpha and numeric characters. Still, so long as there are groups that get their jollies by creating a bit of mayhem, this sort of thing won’t stop happening.

Check if you are on the lists, and then go think up a new password. You haven’t done so recently, have you?

Update: Twitter got back to TNW and informed us that they are actively looking into the situation. In the interim they have sent password resets to affected accounts. The company also stated, as we noted, that the list contains many spammy accounts. When we hear more, we’ll put it here.