Although a hacker called “Mauritania Attacker” claimed to have downloaded Twitter user data which included passwords, the company says that no breach of security occurred. In addition, security researchers say that no hack occurred. Still, the alleged hacker did claim that he had Twitter’s entire user database in his possession. As of this writing, it appears that a third-party app was the culprit, leaking account details for as many as 15,000 Twitter users. As well, the OAuth tokens, which a Twitter spokesperson said can be used to log into user accounts, were uploaded to ZippyShare, a file-sharing site. While not enough to allow any unauthorized person to access Twitter accounts, OAuth tokens may be able to be used for future attacks. These tokens are most commonly used to verify applications which are connected to Twitter.
Twitter’s implementation of two-step authentication earlier this year to thwart the same high-profile hijack of accounts which plagued internet heavy hitters like the Associated Press and CBS news has bolstered account security. But the microblogging site is suggesting to its users that the best practice for dealing with this latest snafu is to first revoke, and then re-establish access to apps coming from a third party.
