bill-swift - June 25, 2012
If you're into animated GIFs and Twitter, chances are you've already heard of TweetGif and might even be using the site. It's a site where users can post and share animated Gif images, but before they can access the gallery, users have to log in through Twitter first.
TweetGif was recently targeted by hacking group LulzSec, which resulted in the public release of 10,000 user names along with their authorization tokens. LulzSec normally explains why they hacked into so and so, but this time, they didn't. It's pretty strange to target some random Gif-sharing site, but they're hackers, so really, they probably didn't even need to have a reason.
The group unloaded the users' information on Pastebin, which contain names, locations, bio information, avatar links, and the date of the last Twitter update of the user aside from their handles and secret tokens.
The hack was confirmed by Twitter, who quickly assured users that their passwords were secure, even if their other info was compromised.
We can confirm that all Twitter account passwords have remained secure, and no breach of our systems has occurred in connection with the events experienced by TweetGif.
Regarding how TweetGif was compromised, we can't speak on their behalf. Since this application used OAuth, no user passwords were exposed.
-- Twitter spokesperson