Part of a database containing the credentials for more than 8,000 Twitter accounts, apparently obtained from the TweetGif image hosting service, is currently circulating online. The extract contains access tokens and the associated access token secrets, which can be used to access users’ Twitter accounts.
Users log into the third-party TweetGif app using their Twitter account, and Twitter then provides TweetGif with an access token. This token allows TweetGif to access the user’s Twitter account in perpetuity without having to request permission each time it wishes to do so.
The tokens remain valid even when the account password is changed. As a precautionary measure, anyone who has used TweetGif in the past is advised to revoke the service’s access rights under Settings ➤ Apps on twitter.com. The LulzSecReborn hacker group has already claimed responsibility for leaking the user data. The group was also responsible for publishing data from the MilitarySingles.com e-dating web site and from security services provider CSS Corp earlier this year.
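Why a password change does not help while revocation does, as an added example that is not code from Twitter or TweetGif: a model of a provider verifying OAuth 1.0a HMAC-SHA1 requests (RFC 5849, assumed here because the leak pairs tokens with token secrets). The `Provider` class, the URL and all keys and secrets are constructed, and nonce and timestamp replay checks are left out so the same request can be checked three times.

```python
import base64, hashlib, hmac, os
from urllib.parse import quote

def pct(s):
    return quote(str(s), safe="")  # RFC 3986 percent-encoding

def sign(method, url, params, consumer_secret, token_secret):
    # RFC 5849 HMAC-SHA1: the key is consumer secret + token secret, nothing else.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    norm = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), pct(url), pct(norm)])
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

class Provider:  # hypothetical model of the service that issued the tokens
    def __init__(self):
        self.password_hash = {}  # user -> (salt, PBKDF2 hash)
        self.apps = {}           # consumer key -> consumer secret
        self.grants = {}         # access token -> (user, token secret)

    def change_password(self, user, new_password):
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", new_password.encode(), salt, 100_000)
        self.password_hash[user] = (salt, digest)  # grants are not touched

    def revoke(self, token):
        self.grants.pop(token, None)  # the effect of removing the app's access

    def authenticate(self, method, url, params, signature):
        grant = self.grants.get(params.get("oauth_token"))
        consumer_secret = self.apps.get(params.get("oauth_consumer_key"))
        if grant is None or consumer_secret is None:
            return None
        user, token_secret = grant
        expected = sign(method, url, params, consumer_secret, token_secret)
        return user if hmac.compare_digest(expected, signature) else None

def demo():
    p = Provider()
    p.apps["app-key"] = "app-secret"  # constructed values throughout
    p.change_password("alice", "first password")
    p.grants["tok-1"] = ("alice", "tok-1-secret")
    url = "https://api.example.com/1/account"
    params = {"oauth_consumer_key": "app-key", "oauth_token": "tok-1",
              "oauth_signature_method": "HMAC-SHA1", "oauth_nonce": "n1",
              "oauth_timestamp": "1339000000", "oauth_version": "1.0"}
    sig = sign("GET", url, params, "app-secret", "tok-1-secret")
    before = p.authenticate("GET", url, params, sig)
    p.change_password("alice", "second password")
    after_change = p.authenticate("GET", url, params, sig)
    p.revoke("tok-1")
    return before, after_change, p.authenticate("GET", url, params, sig)
```

`demo()` returns the account name before and after the password change and `None` once the grant is revoked, because the password is never an input to the signature check.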