LulzSec Reborn, an offshoot of the hacktivist collective Anonymous, seems to have resurfaced by stealing 10,000 Twitter accounts.
LulzSec Reborn, a hacktivist collective that emerged in March, has leaked around 10,000 Twitter usernames and passwords of members who used the third-party application TweetGif, a tool allowing members to share animated GIF files.
The breach was a pretty serious one, as the files stolen contained a lot of information, required by TweetGif when you sign up. This information includes usernames, passwords, real names, locations, bios, avatars, secret tokens used to authenticate TweetGif to pull Twitter data, and even their last tweet.
So far TweetGif has not commented on the breach.
The stolen information has been leaked online by the group, and the breach highlights that third-party Twitter apps don't always use best practices when it comes to securing user data.
Imperva, a computer security company, released a survey recently which suggested that 75 percent of web applications may be vulnerable to remote file inclusion (SQL injection) attacks because they include insecure tools which let users manually upload user-generated content like photos or videos.
Last year, a group of hackers calling themselves LulzSec carried out 50 consecutive days of attacks on websites and networks around the world, before going quiet. Their targets included companies like Sony, governments and such law enforcement agencies as the FBI.
Since then, five alleged members of the group have been arrested thanks to one of the main Anonymous hackers, known as Sabu, turning informant for the FBI.
While LulzSec was a subset of Anonymous, LulzSec Reborn appears to be a subset of LulzSec and has emerged in recent weeks, carrying out an attack on MilitarySingles.com website. Some experts have cast doubt on whether or not the new LulzSec group contains any members of the original group.