Hackers target Twitter spammers in massive account data breach

Summary: A massive breach has led to more than 55,000 Twitter accounts being published on the Web. But it appears the hackers may have targeted spammers over ordinary users.


Twitter is investigating after 55,000 account details --- including username and password combinations --- were published online.

Account details seemingly belonging to spammers were uploaded to Pastebin, a code-sharing site often used by hackers to post the results of their hacking escapades.

The accounts were published over five Pastebin pages --- one, two, three, four, five. Legitimate users who are on the list are advised to change their passwords immediately.

A Twitter spokesperson said the company was looking into the situation. "We have pushed out password resets to accounts that may have been affected," they added.

"We've discovered that the list of alleged accounts and passwords found on Pastebin consists of more than 20,000 duplicates, many spam accounts that have already been suspended and many login credentials that do not appear to be linked --- that is, the password and username are not actually associated with each other."

Many of the accounts, however, appear to belong to 'bot' users: automated accounts that tweet in response to keyword matches or other triggers rather than being operated by a person.

One user on Y Combinator's Hacker News noted that many of the accounts when logged in requested an email confirmation, suggesting the accounts may not in fact belong to human users.

Many were suspended or only had a small number of followers, the user said.

"All their bios sound like bot-generated text, they all have suspiciously similar passwords that look auto-generated, and none of them seem to have much to say."
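Twitter's statement (duplicates, mismatched pairs) and the Hacker News observation (shared, auto-generated-looking passwords) describe the checks a defender runs over such a list before deciding who gets a forced reset. As an added example, not from the article, Twitter or the commenter, a small Python triage over a constructed "username:password" dump: it strips exact duplicates, then flags accounts whose password is shared with other accounts or follows the same character-class pattern as several others, leaving the remaining human-looking accounts for notification.

```python
from collections import defaultdict

# Constructed sample, not the real Pastebin data: exact duplicates plus bot-style
# accounts that share one password or one auto-generated-looking pattern.
SAMPLE_DUMP = """\
alice_real:Tr0ub4dor&3
bot_a1k2:8f3k2m1q
bot_a1k2:8f3k2m1q
bot_z9x8:8f3k2m1q
bot_q7w6:8f3k2m1q
bob_real:correcthorse
bot_p0o9:2h5j8k1l
bot_p0o9:2h5j8k1l
carol_real:Sunshine!2012
"""

def parse_dump(text):
    """Return (credential line count, unique (user, password) pairs); skips malformed lines."""
    seen, pairs, raw = set(), [], 0
    for line in text.splitlines():
        user, sep, pw = line.partition(":")
        user, pw = user.strip().lower(), pw.strip()
        if not (sep and user and pw):
            continue  # blank or malformed line
        raw += 1
        if (user, pw) in seen:
            continue  # exact duplicate, as Twitter reported for 20,000+ entries
        seen.add((user, pw))
        pairs.append((user, pw))
    return raw, pairs

def shape(pw):
    """Collapse a password to its character-class pattern: D digit, L lower, U upper, S other."""
    return "".join("D" if c.isdigit() else "L" if c.islower() else "U" if c.isupper() else "S" for c in pw)

def triage(text, shared_min=2, shape_min=3):
    """Split a dump into likely generated accounts (review/suspend) and human-looking ones (notify)."""
    raw, pairs = parse_dump(text)
    by_pw, by_shape = defaultdict(set), defaultdict(set)
    for user, pw in pairs:
        by_pw[pw].add(user)            # same password reused across accounts
        by_shape[shape(pw)].add(user)  # same generator-looking pattern
    generated = set()
    for groups, minimum in ((by_pw, shared_min), (by_shape, shape_min)):
        for users in groups.values():
            if len(users) >= minimum:
                generated |= users
    accounts = {u for u, _ in pairs}
    return {"raw_lines": raw, "duplicates_removed": raw - len(pairs),
            "likely_generated": sorted(generated), "human_looking": sorted(accounts - generated)}
```

The thresholds are heuristics; a shared weak password among real users will also trip them, so the "likely_generated" set is a review queue, not a suspension list.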

Speculation has already erupted as to the source of the breach.

At this stage, there is little reason to point the finger at Twitter itself. Given the number of 'spam' accounts in the list, it would not come as a surprise to learn that a breach at a third party led to the disclosure.

Twitter has become a short-message haven for almost every kind of person from all walks of life, from politicians to journalists, news wires and celebrities.

But it has also become a haven for spammers and bots that retweet and generate malicious links to tempt ordinary users into downloading malware. Twitter regularly shuts down spambots and fake accounts, but many ordinary users still notice spam on a daily basis.

The site recently said it would take spammers to court, claiming "bad actors who build tools designed to distribute spam on Twitter" make it easier for others to "engage in this annoying and potentially malicious activity."

Some suggest that these bot accounts are used to boost the popularity and follower counts of other users, which in turn suggests a 'black market' for followers operating outside the site's control.

One user explained: "Automatically generated accounts, profiles, and tweets. These accounts are used for services that provide paid followers and retweets. It's actually pretty interesting stuff if you look at the automatically generated 'Twitter Ipsum' that is their profile descriptions and how they randomly pick quotes from famous people to tweet."

How Twitter will respond to this will be interesting.

It can denounce the leak --- despite the high chances of the data breach not coming from Twitter itself --- or it can actively do something about the persistent spam issue.

Either way, Twitter has to acknowledge that while the vast majority of its 140 million users are legitimate, the site still has a large proportion of fake accounts and those that tweet vast amounts of spam to its users.


Topic: Social Enterprise

  • Looks pretty spammy.

    We only found 25K valid email addresses when we were prepping the file for our repository. But better safe than sorry, I guess. It's probably going to be unfortunate that Twitter will need to respond to something that is likely to have happened a fair distance from them. It does still make you wonder about the trust you put in third-party apps for things like Twitter, though.
  • Few details to clarify

    There are a few things to clarify in this article:
    - I'm certain 99% of those accounts are fake and were generated to be used to build followers and make retweets. This wasn't an account breach - look at the passwords. A good deal share the same password - it's rare to find an account in there with a unique password. These were clearly generated with some program.
    - You realize that by linking to the leaked list in the post, that makes CNet liable for helping to distribute and promote the breach? It's generally customary to do a screenshot rather than linking to the list - just saying..
    - If they're spam-created accounts, there's no real way for Twitter to stop this unless they ask users to verify their accounts via SMS, but that would be extremely painful and hinder new users from signing up.
  • Spam Accounts

    I'm tired of seeing spam across all of these social networking sites. Almost every time I log into my account I see bad links offering money or gifts of some sort. I'd like to belong to a social platform that only lets real users have accounts. Social sites should let users telesign in to their accounts, not only to prevent them from getting hacked but to reduce spam.
  • Take them to court... Have fun with that.

    I find it kind of amusing that they virtually want to be hacked, spammed and viewed as not being secure by telling people that you need to learn how to manage the damage when you get hacked, oops, I mean "compromised". And they will continue to be HACKED, defrauded and a continual source of annoying spam until they implement stronger guidelines and, in my opinion, implement some form of 2FA (two-factor authentication) where you can telesign into your account.
    Bob luand
  • Runet is second class?

    A lot of Russian tweeps were hacked. This happened after 14 June.
    Now the hacked accounts are posting spam via an application hosted on Google at http://seopulttwitter.appspot.com.
    Most of these people don't know English, are dummies in IT, and know and like only Twitter.
    We wrote to Twitter support about the hacking, and we wrote to Google about the virus site and application 3 weeks ago. And nothing has changed! The spammy application still works. The virus site is still open. Hacked accounts are hacking and phishing more tweeps. Some accounts have been banned by Twitter.
    It's scandalous! Are Google and Twitter working on it?
    Is Runet second class?