When Twitter recently had accounts and passwords leaked, many were attached to spam accounts or duplicate records. Most had obvious passwords (like 1234).
Are these legitimate active accounts? Can you do anything with the hashed passwords alone?
In fairness to Twitter, it was never actually known if the accounts/passwords came from Twitter.com (proper) or (more likely) leaked from some 3rd-party Twitter-integrating app that had pre-OAuth integration.
Are these legitimate active accounts? Can you do anything with the hashed passwords alone?