An alleged restructured version of the LulzSec hacker group has taken responsibility for a collection of around 10,000 user accounts related to a third-party Twitter service. This is the second major attack that the otherwise quiet group has taken responsibility for this year.
TweetGif is a service that allows registered users to post animated Gifs on their Twitter feed. The catch is that they have to provide their Twitter login information for the service to work, not unlike many other third party social network applications that have faced security issues. The service itself is rather small with less than 75,000 visitors globally and fewer than 700 followers on the company’s Twitter account.
The leaked data contains a wealth of user information; far more than a typical password hack. An SQL file that was uploaded to Pastebin contains usernames, passwords, real names, bios, locations, avatars, n security token used by the service for authentication with Twitter and the user’s most recent Tweet.
The hacking collective wreaked havoc on many organizations last year but activity was essentially halted after the group’s leader, Hector Xavier Monsegur, allegedly worked with law enforcement officials to arrest three members and bring charges upon two others.
LulzSec Reborn hit the scene shortly after, successfully exposing over 170,000 accounts from the dating website Military Singles. In similar fashion, those accounts were also posted to Pastebin for anyone to download and utilize.
It’s unclear if the resurrected group contains members of the original LulzSec organization.