On Tuesday, a hacker from Mauritania gained access to more than 15,000 Twitter accounts’ user IDs and the associated OAuth tokens used to connect Twitter accounts to third-party services.
The self-dubbed Mauritania Attacker published his haul, which does not include Twitter user passwords, online.
Below, more details on the situation and how to protect your account right now.
According to a Twitter spokesperson, the network has “investigated the situation and can confirm that no Twitter accounts were compromised.” And most likely, the hacker worked through a third-party service, which has already been suspended by Twitter.
So you don’t need to change your password. But you should revoke access to all third-party apps currently linked to your Twitter account, then manually hook them up again as needed.
– Go into the Apps settings on your Twitter account by clicking on the Gear, selecting Settings, then choosing Apps.
– From here, you’ll be able to see which third-party apps have access to your account. When I did this, I was shocked at how long the list was: 72!
– Click “Revoke Access” on each app, which will secure your account from leakage to outside apps. From then on, when you log in again to any of those apps with your Twitter account, a new OAuth token will be issued, one that is completely outside the database the Mauritania Attacker released.
This isn’t the first time the Mauritania Attacker has been in the news. A recent Reuters piece profiles his stance as a “non-extremist” Islamist hacker, alongside his collective, AnonGhost.
If you adopt the above practice of revoking third-party app access as a regular housekeeping procedure, you’ll be in good stead for future hacking crises of this kind.
(Secure image via Shutterstock.)