This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Twitter says accounts were not compromised despite hacker's claims

Share this article:

Is every Twitter account at risk of being compromised?

A hacker operating under the name 'Mauritania Attacker' has claimed so – but even though he released purported account information for more than 15,000 users on Tuesday morning, officials with Twitter said the service was not affected.

The pro-Islam hacker, who takes his moniker from the West African Arab Maghreb country in which he is said to reside, posted the Twitter information – 15,167 accounts in total – to file-hosting website Zippyshare on Tuesday morning. He claims to have access to numerous more.

Each account on the list included Twitter nickname, numerical identification number and OAuth token and OAuth token secret exposed. Passwords were not compromised, but the OAuth information may be all a hacker needs to access a Twitter account.

OAuth is an open standard that allows services to interact with each other without needing to share all types of private information, such as usernames and passwords. Specifically on Twitter, “OAuth is an authentication protocol that allows users to approve [an] application to act on their behalf without sharing their password," according to the service.

However, OAuth can be manipulated by the Firefox extension Tamper Data, Mauritania Hacker told Indian news site Techworm on Tuesday.

When used maliciously, Tamper Data allows users to meddle with data being sent back and forth between a client and server, according to a post by Andy O'Donnell, a senior security engineer and analyst. He said the extension can allow people to bypass restrictions built into websites or web applications.

O'Donnell did not immediately respond to an inquiry from on how a user could actually gain access to Twitter accounts using OAuth and Tamper Data, but Twitter representatives do not seem too concerned.

“We have investigated the situation and can confirm that no Twitter accounts were compromised,” a Twitter spokesperson told on Tuesday. "We always recommend that users regularly review the third party apps that [they] have granted account access to, just as a general best practice. In this case however, no one was able to gain access to any Twitter accounts."

OAuth, meanwhile, had not listed any security advisories on its website at the time of going to press.

"The OAuth community is committed to identifying and addressing any security issues raised relating to the OAuth protocol and extensions," it said. "Any identified threat will be published on this page as soon as it is safe to do so. Due to the nature of many security threats, they cannot be disclosed before sufficient notice is given to vulnerable parties."

Coincidentally, nearly four months ago, security researcher Ryan Kelker contacted Twitter about being able to produce similar results by using an app he created himself. He based the app on TweetDeck, a third-party social media dashboard for management of Twitter accounts.

Kelker posted his findings to Coderwall after a lack of response from Twitter, although could not confirm if his findings had any influence on Mauritania Attacker.

The hacker, according to a Reuters story in June, is responsible for coordinating groups of intruders whose goal is "defend Muslims by peaceful means".

In light of claims from the hacker, McAfee research head David Marcus took to Twitter on Tuesday and advised all users to change their Twitter passwords. “Great point about changing logins while an attacker may still have access,” he responded to one user. “I say change now and [change again] post disclosure.”  

Alan Woodward, a security expert in the UK, suggested obtaining new OAuth tokens. He told on Tuesday that Twitter users should “go in and revoke third party's apps rights and then just re-login when [or] if you want to re-access Twitter via that app. This way a new token will be issued".

Share this article:

SC webcasts on demand

This is how to secure data in the cloud

Exclusive video webcast & Q&A sponsored by Vormetric

As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.

View the webcast here to find out more

More in News

VC cyber security funding tops £850 million

VC cyber security funding tops £850 million

A new study from US-based research firm CBI Insights reveals that corporate cyber security investments have risen five-fold since 2009, with 30 percent growth in the last year alone.

Russian/Chinese cyber-security pact raises concerns

Russian/Chinese cyber-security pact raises concerns

News that Russia and China are set to sign a cyber-security treaty next month have left Western cyber experts unsure whether it is a threat or a promising development.

UK police arrest trio over £1.6 million cyber theft from cash machines

UK police arrest trio over £1.6 million cyber ...

London Police have arrested three suspected members of an Eastern European cyber-crime gang who installed malware on more than 50 bank ATM machines across the UK to steal £1.6 million.