Jump to content
Followers 1
Jony

Passwords for 32M Twitter accounts may have been hacked and leaked

Tech By Jony, in World News & Discussion

Recommended Posts

Jony

Jony 14,504

Posted
Posted

shutterstock_311499485.jpg?w=1372

There is yet another hack for users of popular social media sites to worry about. Hackers may have used malware to collect more than 32 million Twitter login credentials that are now being sold on the dark web. Twitter says that its systems have not been breached.

“We are confident that these usernames and credentials were not obtained by a Twitter data breach – our systems have not been breached. In fact, we’ve been working to help keep accounts protected by checking our data against what’s been shared from recent other password leaks,” a Twitter spokesperson said.
 

LeakedSource, a site with a search engine of leaked login credentials, said in a blog post that it received a copy of the user information from “[email protected],” the same alias used by the person who gave it hacked data from Russian social network VK last week.

Other major security compromises which have hit the news recently include a Myspace hack that involved over 360 million accounts, possibly making it the largest one ever, and the leak of 100 million LinkedIn passwords stolen in 2012.

LeakedSource says the cache of Twitter data contains 32,888,300 records, including email addresses, usernames, and passwords. LeakedSource has added the information to its search engine, which is paid but lets people remove leaked information for free.

Based on information in the data (including the fact that many of the passwords are displayed in plaintext), LeakedSource believes that the user credentials were collected by malware infecting browsers like Firefox or Chrome rather than stolen directly from Twitter. Many of the affected users appear to be in Russia—six of the top 10 email domains represented in the database are Russian, including mail.ru and yandex.ru.

Even though Mark Zuckerberg got several of his non-Facebook social media accounts, including Twitter, hacked this week, his information wasn’t included in this data set, LeakedSource claims. Zuckerberg was ridiculed for appearing to reuse “dadada” as his password on multiple sites, but results from LeakedSource’s data analysis shows that many people are much less creative. The most popular password, showing up 120,417 times, was “123456,” while “password” appears 17,471 times. An analysis of the VK data also turned up similar results.

Twitter suggested that the recent hijacking of accounts belonging to Zuckerberg and other celebrities was due to the re-use of passwords that were leaked in the LinkedIn and Myspace breaches in a statement to TechCrunch.

“A number of other online services have seen millions of passwords stolen in the past several weeks. We recommend people use a unique, strong password for Twitter,” a Twitter spokesperson said. Twitter suggests that users follow the suggestions in its help center to keep their accounts secure. Twitter also posted on its @Support account that it is auditing its data against recent database dumps.

LeakedSource said that it determined the validity of the leaked data by asking 15 users to verify their passwords. All 15 confirmed that the passwords listed for their accounts were correct. However, experts cautioned that the data may not be legitimate.

Michael Coates, Twitter’s trust and information security officer, tweeted that he is confident the social media platform’s systems have not been compromised.

“We securely store all passwords w/ bcrypt,” Coates added, referencing a password hashing function that is considered to be secure. “We are working with LeakedSource to obtain this info & take additional steps to protect users,” he continued.

Troy Hunt, the creator of a site that catalogs breaches called haveibeenpwned.com, also expressed skepticism about the authenticity of the data. Hunt told TechCrunch that he’d heard rumors of breaches at Twitter and Facebook for several weeks but had yet to see convincing proof. “They may well be old leaks if they’re consistent with the other big ones we’ve seen and simply haven’t seen the light of day yet. Incidentally, the account takeovers we’ve seen to date are almost certainly as a result of credential reuse across other data breaches,” Hunt said.

Whether or not the leaked Twitter credentials are authentic, it never hurts to change your password — especially if you use the same password across several sites. Turning on two-factor authentication also helps keep your account secure, even if your password is leaked.

 

TechCrunch

0
Link to post
Share on other sites
Onika

Onika 23,143

Posted
Posted
Just now, ChooseyLover said:

Wait what is that? rip3

It's a password manager. You can randomly generate super secure passwords for each site, and it remembers them so you don't have to. This way, access to one account doesn't give way to another, plus they're insanely hard to crack.

3
Link to post
Share on other sites
Jony

Jony 14,504

Posted
  • Author
Posted
2 minutes ago, Angel's Advocate said:

Can someone tell me how to use this site? dead2 

Enter your username or email address (choose from the drop down menu) and then see the results below. 

1
Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
  • Replies 35
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

Onika

It's a password manager. You can randomly generate super secure passwords for each site, and it remembers them so you don't have to. This way, access to one account doesn't give way to another, plus t

Venice Bitch

icant at these hackers taking over  

Jony

Then you're safe  

Followers 1
Go to topic listing

  • Browsing now   0 members

    No registered users viewing this page.

×