PC Magazine reports that LulzSec Reborn has leaked around 10,000 Twitter usernames and passwords of members who use TweetGif, an animated Gif-sharing application. Currently the motivation behind the leak is unknown at this point, as the group's Pastebin announcement merely points to a destination for people to download an .SQL file.
According to the report, LulzSec's .SQL contains more than just usernames and passwords, listing real names, locations, bios, avatars, OAuth tokens used to authenticate TweetGif to pull Twitter data, and even the victim's last tweet. TweetGif allows users to post and share animated Gif cliparts, but requires users to log in through Twitter.
On Tuesday Twitter released a confirmation stating that all Twitter account passwords have remained secure, and no breach of its systems has occurred in connection with the events experienced by TweetGif.
"Regarding how TweetGif was compromised, we can't speak on their behalf," Twiter said. "Since this application used OAuth, no user passwords were exposed; for more information on why OAuth is our recommend connection method to grant an application access to your account, please see our help pages on Safety: Keeping Your Account Secure and How to Connect and Revoke Third Party Applications."
LulzSec "Reborn" returned to the hacking scene back in March, picking up where the original LulzSec group left off by breaking into military dating site MilitarySingles.com. The group retrieved the information of 170,937 accounts including email addresses, passwords and other private data. It then hacked into CSS Corp, a global information and communications technology company, and leaked its entire database which included email addresses, names, passwords, user IDs and usernames.
Since then, the group has been surprisingly quiet. Supposedly LulzSec Reborn is comprised of veteran hackers who have been known to breach important sites. Currently there are no members of the original LulzSec present in the new group.
"The idea is to continue what some have started and never managed to finish," one of the hackers previously stated. "At the same time we want to avenge the ones that were arrested."