Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

And for people trying to puzzle out who was impacted, several these accounts (all with random strings for passwords, btw) were barely ever used at all, often not for several years. The only thing they had in common was their early creation date, and hence relatively low user ids. My guess is that the hackers simply scanned user ids starting from 1 and worked their way up.


I'm seeing a ton of people I know on twitter complain - I'm user 5511, and these are people who joined at the very beginning too - so your theory is indeed apparently correct. I got an email myself, and reset my already super complex password.


User 5,260 and an active, daily users. Got an email that my account was impacted.


I don't know what # user I am (how can I get this information?) but my twitter account was also created in 2007 (on the 8th of April says whendidyoujointwitter.com) and is still active. Also received the email.


The Twitter API exposes a user's ID. Some Twitter clients (like Tweetbot) show this information. You can use http://mytwitterid.com/ to find yours.


Or just view source on twitter.com (after logging in) and search for the first instance of "data-user-id"


3750 and ditto.


That would explain the high incidence among hackers, who are more often early adopters. I've been surprised by how many people I've heard of getting the email, including people in this comment thread and myself, considering only 250,000 emails were sent out of their couple hundred million accounts.


Only 2950 accounts with IDs from 1 to 6136 still exist, so there's been pretty much a 50% attrition rate at that level.


Yeah I received the email from Twitter, account created in April 2007 and haven't tweeted since 2010.


Are there big gaps in the early user ids? I'm 4145801 and received this message.


Twitter employee, here. At one point in time, auto_increment_increment was > 1 on the MySQL master for uid generation. This led to many holes in the uid range.


Yeah - I'd say there are big gaps. I'm 1577581 and got the email. You can check people's join dates here http://www.whendidyoujointwitter.com/


Thanks! I'm 793689, joined 25 February 2007, and got the e-mail.


I've been suspecting the same thing. Two of my accounts received the email, both created several years ago, while none of my newer accounts have been compromised.


any chance it was through an app that you allowed access?


No. I suspect their email template was out of sync with this particular incident.


That means https://api.twitter.com/1/users/show.xml?user_id=12 13 14 were hacked too. And those must have been accounts of interest if not of others' and the gentry.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: