Department of Homeland Security and U.S Navy hacked

Homeland+Security+and+U.S+Navy+hacked
Department of Homeland Security and U.S Navy websites once again at Major Risk. This time hacking group called “Digital-corruption” hacked into subdomains of both sites and leak database info on pastebin.
In its announcement on the pastebin.com website, the group said it has leaked database from https://www.smartwebmove.navsup.navy.mil/ and twicinformation.tsa.dhs.gov using Blind SQL-Injection method.
The Database include Usernames, Passwords, Email ID’s, Security Questions – Answers of all users.
Hackers shout:
say(“#FreeTriCk #FreeMLT #FreePhantom”);
say(“Knowledge is power!”);
say(“NAVY.MIL, care to share some of your staff information?”);

Department of Homeland Security and U.S Navy websites are hacked lots of times in past one year by Different hackers from all over world.
Credit: thehackernews

Back to the game – 10000 Twitter User oauth token hacked and Exposed by Anonymous

Anonymous Hackers, with Twitter account “LulzsecReborn” Hack into TweetGif (http://tweetgif.com) and Hack complete Database, Later they publish that on Internet also. TweetGif is a website which allow you to use animated GIF image as your twitter picture.
LulzSec Reborn, a 3.0 version of the earlier LulzSec, has leaked 10,000 Twitter profiles’ passwords,  Usernames, real names, locations, bios, avatars and secret tokens used to authenticate their accounts.

data

Pastebin message posted: The leaked data was uploaded to embed upload and contains a 4 MB SQL file with all the users details.
Users table from http://tweetgif.com/ nothing serious like 10.000 twitters…
http://www.embedupload.com/?d=9ZMOMGIIQA

How Hackers and Spammer can use this?
OAuth is an authentication protocol that allows users to approve application to act on their behalf without sharing their password. If your Twitter oauth Secret Key and Token get compromised , then application or Hacker can user your Twitter account on Behalf of Your access. You can get sample script here. These accounts can be used to spam over 10000 of compromised twitter accounts.
Also if hackers are able to compromise the keys of popular applications like TweetGif and use those keys to evade Twitter’s abuse controls. By using the consumer key and consumer secret key from a popular third-party Twitter application, a spammer can make it harder for Twitter to lock out all of his spam accounts at once without also locking out a large number of legitimate users of the compromised application.

How you can Protect your Twitter Account: If you are also TweetGif  User, you need to go to settings > apps > deauthorize app. #TweetGif. “Revoke Access”.
Credit: THN Security Analyst