Hackers target Twitter spammers in massive account data breach

A massive breach has led to more than 55,000 Twitter accounts being published on the Web. But it appears the hackers may have targeted spammers over ordinary users.
Written by Zack Whittaker, Contributor

Twitter is investigating after 55,000 account details --- including username and password combinations --- were published online.

Account details seemingly belonging to spammers were uploaded to Pastebin, a code-sharing site often used by hackers to post the results of their hacking escapades.

The accounts were published over five Pastebin pages --- one, two, three, four, five. Legitimate users who are on the list are advised to change their passwords immediately.

A Twitter spokesperson said the company was looking into the situation. "We have pushed out password resets to accounts that may have been affected," they added.

"We've discovered that the list of alleged accounts and passwords found on Pastebin consists of more than 20,000 duplicates, many spam accounts that have already been suspended and many login credentials that do not appear to be linked --- that is, the password and username are not actually associated with each other."

Many of the accounts however appear to be associated with 'bot' users, such as those representing machines which tweet based on keyword recognition or otherwise.

One user on Y Combinator's Hacker Newsnoted that many of the accounts when logged in requested an email confirmation, suggesting the accounts may not in fact belong to human users.

Many were suspended or only had a small number of followers, the user said.

"All their bios sound like bot-generated text, they all have suspiciously similar passwords that look auto-generated, and none of them seem to have much to say."

Speculation has already erupted as to the source of the breach.

At this stage, it's unlikely to point the finger at Twitter itself. Based on the number of 'spam' accounts listed in the breach, it would not come as a massive surprise to learn that a third-party breach may have led to the disclosure.

Twitter has become a short-message haven to all but every kind of person from all walks of life, from politicians to journalists, news wires and celebrities.

But it has also become a haven for spammers and bots that retweet and generate malicious links to tempt ordinary users into downloading malware. Twitter regularly shuts down spambots and fake accounts regularly, but many ordinary users notice spam on a daily basis.

The site recently said it would take spammers to court, claiming "bad actors who build tools designed to distribute spam on Twitter" make it easier for others to "engage in this annoying and potentially malicious activity."

Some suggest that these bot accounts are used to boost the popularity and follower share of other users, leading to suggestions there could be a 'black market' type situation outside the site's control.

One user explained: "Automatically generated accounts, profiles, and tweets. These accounts are used for services that provide paid followers and retweets. It's actually pretty interesting stuff if you look at the automatically generated 'Twitter Ipsum' that is their profile descriptions and how they randomly pick quotes from famous people to tweet."

How Twitter will respond to this will be interesting.

It can denounce the leak --- despite the high chances of the data breach not coming from Twitter itself --- or it can actively do something about the persistent spam issue.

Either way, Twitter has to acknowledge that while the vast majority of its 140 million users are legitimate, the site still has a large proportion of fake accounts and those that tweet vast amounts of spam to its users.


Editorial standards