There have been a number of high-profile data leaks recently, including ones from LinkedIn, MySpace, Tumblr, and VK. Now, another social media giant has had its users’ login credentials appear for sale on the dark web. This time, the site in question is Twitter.
ZD Net reports that a Russian cybercriminal going by the name Tessa88, who has links to some of the previous breaches, is selling the email addresses, usernames, and plain-text passwords of over 379 million Twitter accounts for 10 bitcoins, or around $5820.
LeakedSource, a search engine that indexes data from leaks, analyzed Tessa88’s database and found that, after removing duplicates, there were 32,888,300 records. The group said it verified the authenticity of the data by confirming with 15 users that the passwords listed for their accounts were correct.
However, LeakedSource also pointed out it was highly unlikely that Twitter had been breached; rather, the data was probably stolen directly from users via “malware infecting browsers.” It added that most of the accounts on the list appeared to be located in Russia.
“Passwords were stolen directly from consumers, therefore they are in plaintext with no encryption or hashing. Remember that Twitter probably doesn’t store the passwords in plaintext, Chrome and Firefox did,” said LeakedSource.
“The join dates of some users with uncrackable (yet plaintext) passwords were recent. There is no way that Twitter stores passwords in plaintext in 2014 for example. The top email domains don’t match up to a full database leak, more likely the malware was spread to Russians.”
The claim that user data was gained from malware-infected PCs backs up Twitter’s statement that its systems had not been breached.
“We are confident that these usernames and credentials were not obtained by a Twitter data breach – our systems have not been breached. In fact, we’ve been working to help keep accounts protected by checking our data against what’s been shared from recent other password leaks,” a Twitter spokesperson said.
As was with the case with many of the other recent leaks, the information has exposed the huge number of people who continue to use terrible passwords. LeakedSource said the most common of these was “123456,” which was used 120,417 times, while the ever-popular “password” made 17,471 appearances.
The incident is yet another reason why everyone should take extra care when it comes to online security. Mark Zuckerberg’s recent hack showed that even he was guilty of using a poor password (“dadada”) on multiple sites, so make sure you don’t make the same mistake. Turning on two-factor authentication, where available, will help keep your accounts secure, and using a password manager is always a good idea.