LulzSec Reborn, the self-titled redux of fallen hacker group LulzSec, leaked around 10,000 Twitter usernames and passwords of members who used TweetGif, an animated Gif-sharing application.

Updated on June 12, with comment from Twitter:

"We can confirm that all Twitter account passwords have remained secure, and no breach of our systems has occurred in connection with the events experienced by TweetGif. Regarding how TweetGif was compromised, we can't speak on their behalf.

LulzSec Reborn, the so-called redux of disbanded hacker group LulzSec, leaked around 10,000 Twitter usernames and passwords of members who used TweetGif, an animated Gif-sharing application.

The file contained an unusually detailed trove of information on each member: usernames, real names, locations, bios, avatars, OAuth tokens used to authenticate TweetGif to pull Twitter data, and even their last tweet. The hackers' motivations are unclear at this point; an announcement posted on Pastebin merely linked to a destination for people to download the .SQL file.

TweetGif lets users post and share animated Gif cliparts, but users have to log in through Twitter. It appears to be a relatively small application with less than 75,000 visitors globally, according to its Flag Counter stats, and only 690 followers of its Twitter account @TweetGif.

As we covered recently in "How to Use Twitter Safely," not all third-party Twitter applications use best practices to secure user data. An Imperva report said around three-quarters of Web applications may be vulnerable to remote file inclusion attacks because they include insecure tools that allow users to upload user-generated content, such as images and videos.

In March, LulzSec Reborn introduced itself to the Interwebs by claiming to be a resurrected version of the infamous LulzSec hacker coalition. The original LulzSec ceased operations almost a year ago after spending almost six weeks attacking companies, governments, and law enforcement agencies. In March, the FBI arrested core members using intelligence gained by interrogating Sabu, the group's nominal leader.

However many security researchers, such as F-Secure's Sean Sullivan and Naked Security's Graham Cluley, have cast doubts that original LulzSec members are part of the "new" LulzSec. LulzSec Reborn has been pretty quiet since it launched, claiming only one major attack so far on Militarysingles.com, a dating site.