So if I start tweeting “Allahu akbar” from @jihadwatchrs, you’ll know what happened. “Pro-Islamic hacker claims to have compromised every Twitter account,” by Pete Swabey for Information Age, August 20 (thanks to Twostellas):
A hacktivist known as Mauritania Attacker has claimed to have compromised every account on Twitter by stealing a list of OAuth tokens.
OAuth is an authorisation protocol that allows websites to share log-in credentials. The stolen tokens could be used to access Twitter accounts without need for a password.
According to Indian security news site Techworm, the pro-Islamic hacker today published OAuth details for 15,167 accounts on a file-sharing website.
“In a conversation with Techworm, he confirmed that he have access to entire database of users on twitter and no account is safe from him, may be he will leak unlimited accounts credentials in the coming future [sic].”
Techworm’s story was linked to from the Twitter account of AnonGhost, an Anonymous-affiliated hacktivist group led by Mauritania Attacker, and from his own Facebook page.
Information Age has not downloaded the OAuth Tokens and cannot confirm or deny their veracity.
Twitter has said that it is “currently looking into the sitatuation” [sic].
Mauritania Attacker was profiled by news agency Reuters in June. It said he is a 23-year-old from the West African country of Mauritania.
AnonGhost, which purports to promote Islam and target its enemies, has defaced over 10,000 websites this year, Reuters reported.
In April, the group participated in an attack on various Israeli targets, named #OpIsrael. In June, Mauritania Attacker claimed to have discovered a new security weakness in Facebook.
The Reuters profile quotes an executive from Israeli IT security firm Radware as saying that Mauritania Attacker has united various pro-Islamic hacking groups that have recently emerged in Africa.