Twitter on Thursday denied being the victim of a security breach amid reports that a hacker has put the log-in credentials for more than 32 million accounts up for sale on the dark web.
LeakedSource, an online search engine for stolen data, said Wednesday that a pseudonymous hacker provided the website with a data set purportedly containing the usernames, passwords and other data pertaining to 32,888,300 Twitter accounts. Fifteen of the victims identified in the breach were contacted by LeakedSource, and each one verified the validity of the information supplied to the website.
The individual who provided the data to LeakedSource, “Tessa88,” told ZDNet on Tuesday that they were trying to sell the cache on the dark web for 10 bitcoins, or roughly $6,000. According to the tech site, the same hacker is linked to recent highly publicized security breaches that have affected hundreds of millions of users across multiple platforms, including MySpace, LinkedIn and Tumblr.
The latest compromised credentials to surface were likely not stolen from Twitter, but rather harvested by hackers who used malware to pilfer sensitive information that had been saved in the web browsers of individuals who inadvertently allowed their computers to become infected, LeakedSource said.
“The explanation for this is that tens of millions of people have become infected by malware, and the malware sent every saved username and password from browsers like Chrome and Firefox back to the hackers from all websites including Twitter,” LeakedSource wrote in a blog post Wednesday.
In a statement, Twitter also denied its systems had been hacked.
“We are confident that these usernames and credentials were not obtained by a Twitter data breach – our systems have not been breached,” a Twitter spokesperson said in a statement. “In fact, we’ve been working to help keep accounts protected by checking our data against what’s been shared from recent other password leaks.”
Michael Coates, Twitter’s trust and information security officer, said in a tweet early Thursday that the company uses strong encryption to secure user passwords, and was working with LeakedSource in an effort to obtain the data and take additional steps.
Nevertheless, a spokesperson for Twitter told TechCrunch on Thursday that its users can benefit from using hard-to-crack passwords to protect their accounts, especially in the wake of some of the most popular accounts on the service being breached.
“A number of other online services have seen millions of passwords stolen in the past several weeks. We recommend people use a unique, strong password for Twitter,” the spokesperson said.
Indeed, the most popular account on Twitter in terms of followers — pop star Katy Perry’s — was compromised last week by a hacker who used their brief access to broadcast homophobic and racist slurs to the singer’s 89.1 million followers. Other high-profile Twitter accounts that have been breached during the last two weeks include those belonging to the NFL, Facebook co-founder Mark Zuckerberg, Rolling Stones guitarist Keith Richards, rapper Drake and bands Tame Impala and Bon Iver, among others.
• Andrew Blake can be reached at ablake@washingtontimes.com.