Mayday! Mayday!! Twitter system has been breached!!!
More than 32 million Twitter login credentials have been hacked using malware, though Twitter denies any such breach.
We have investigated reports of Twitter usernames/passwords on the dark web, and we're confident that our systems have not been breached.
— Michael Coates ஃ (@_mwc) June 9, 2016
LeakedSource, a site with a search engine of leaked login credentials, said in a blog post that it received a copy of the user information from “Tessa88@exploit.im.” The site says the cache of Twitter data contains 32,888,300 records, including email addresses, usernames, and passwords. LeakedSource has added the information to its search engine, which is paid but lets people remove leaked information for free.
Many of the affected users appear to be in Russia: six of the top 10 email domains mentioned in the database are Russian, including mail.ru and Yandex.ru. LeakedSource believes that the user credentials were collected by malware infecting browsers like Firefox or Chrome rather than stolen directly from Twitter.
The site said that it determined the validity of the leaked data by asking 15 users to verify their passwords. All 15 confirmed that the passwords listed for their accounts were correct.
Even though Mark Zuckerberg got several of his non-Facebook social media accounts hacked this week, including Twitter, his information wasn’t included in this data set, LeakedSource claims. Zuckerberg was ridiculed for reusing “dadada” as his password on multiple sites. According to LeakedSource's report, the most popular password, showing up 120,417 times, was “123456,” while the word “password” appeared 17,471 times.
Twitter advised that the recent hijacking of accounts was due to the re-use of passwords on several accounts.
A Twitter spokesperson said, “A number of other online services have seen millions of passwords stolen in the past several weeks. We recommend people use a unique, strong password for Twitter.” Twitter also posted on its support account that it is reviewing its data against recent database dumps.
However, experts caution that the data may not be genuine. Michael Coates, Twitter’s trust and information security officer, said, “We securely store all passwords w/ bcrypt,” referencing a password hashing function that is considered to be secure. “We are working with LeakedSource to obtain this info & take additional steps to protect users,” he continued.
Troy Hunt, the creator of haveibeenpwned.com, said, “They may well be old leaks if they’re consistent with the other big ones we’ve seen and simply haven’t seen the light of day yet. Incidentally, the account takeovers we’ve seen to date are almost certainly as a result of credential reuse across other data breaches.”
Time to update your social media login details, folks!!