Neither Facebook, nor Netflix, are saying they have been hacked or suffered data breaches and the other website referred to is likely to be LinkedIn.
Advertisement
Before you point fingers at Twitter though, a report by TechCrunch suggests that the data was gleaned from malware that infected Mozilla Firefox and Chrome browsers.
More than 32.8 million supposed Twitter usernames and passwords have been stolen and shared with LeakedSource.
The database was given to LeakedSource by a user who goes by the alias “[email protected]” who also provided the website with over 167 million LinkedIn credentials, 360 million Myspace accounts and most recently 171 million details on users of VKontakte (or VK), the equivalent of Russia’s Facebook. That’s more than 10 percent of Twitter’s monthly active users.
After the mega hacks of last month, it is now time for Twitter.
LeakedSource, who claim to have received a copy of leaked data from Tessa88, has put it out on its blogpost. Each record may contain an email address, a username, sometimes a second email and a visible password.
Quick-typed password staple, “qwerty” was found 22 770 times and password takes fourth place with 17 471 instances. Twitter suggests that users follow the suggestions in its help center to keep their accounts secure. Initially the data was being sold on the dark web for five bitcoin, this amounts to around $2,200 (£1,500).
Michael Coates, Twitter’s trust and information security officer, tweeted that he is confident the social media platform’s systems have not been compromised. While this is bad news for users whose credentials are now available online (Leakedsource says it checked the authenticity of the passwords with 15 users, all of which confirmed they were genuine), this indicates that they were not obtained by hacking Twitter or a third-party site.
Advertisement
Whether or not the leaked Twitter credentials are authentic, it never hurts to change your password – especially if you use the same password across several sites. We securely store all passwords with bcrypt.
