LulzSec announced their return just last week and they’re already causing a bit of a stir. The group used a security loophole in a third-party Twitter application to gain access to about 10,000 Twitter accounts.
LulzSec, now going under the name of LulzSec Reborn, announced on Saturday that they had leaked the accounts of people who use the TweetGif application. It seems to be a relatively unknown application that allows users to easily Tweet out gifs.
http://t.co/tqYw8D2u Users table nothing serious 10.000 twitter accounts … http://t.co/UKcV7Jgz fucking around..
As you can see, LulzSec seems to have attacked this particular application just for the “lulz.” They claim it to be nothing serious and they probably don’t even intend to use this information for anything. That being said, you should change your password now if you have ever used TweetGif.
So what did LulzSec manage to take from TweetGif? According to PC Magazine, the TweetGif data table contained usernames, passwords, real names, locations, bios, avatars, the token the application uses to pull Twitter data, and the last Tweet to come from that account. It’s a ridiculous amount of information that a third-party application is privy to. Twitter has always seemed to be pro-privacy, but handing over this much information to a questionable third-party app seems to be pretty hypocritical.
Thankfully, this attack is nowhere near the scale of the recent password leaks at LinkedIn, eHarmony and Last.fm, which saw millions of passwords leaked online. The security loophole has been fixed, but you should change your password for those sites as well just to be safe. Fortunately, somebody has created a site that allows you to see if your password for LinkedIn was leaked. As for eHarmony and Last.fm, better safe than sorry.