Twitter users have become the latest to have their security put at risk as data — including unencrypted passwords — on over 32 million accounts is being sold on the dark web for less than $6,000.
Following massive leaks of LinkedIn and Myspace data in the last month, Twitter is the latest online service to be affected, though people who have examined the stolen data say the microblogging site itself has not been hacked.
The data has been seen by LeakedSource, a website that collates data breaches and makes them searchable for those who may be affected. As the passwords are presented in plaintext — meaning they have not been hashed or encrypted — it is much more likely that the credentials were collected from millions of users whose computers had been infected with malware than from a breach of Twitter itself, it says.
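The reasoning above rests on one fact: a service that stores passwords properly never holds them in plaintext, so a breach of its database would yield salted hashes, not readable passwords. The following added example (not code from the article, LeakedSource or Twitter) shows what a correctly stored credential record looks like, using PBKDF2-HMAC-SHA256 from Python's standard library; the iteration count and the sample accounts are constructed for the demonstration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed work factor for the demo; production deployments should tune this
# to their hardware and current guidance.
ITERATIONS = 200_000


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: algorithm, iterations, salt and digest.

    The plaintext password never appears in the stored string.
    """
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    _algo, iterations, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def build_demo_store() -> dict:
    """Constructed sample: two users who happen to share the weak password
    '123456'. Because each record gets its own random salt, the stored values
    differ, and neither reveals the password."""
    return {
        "alice@example.invalid": hash_password("123456"),
        "bob@example.invalid": hash_password("123456"),
    }


def record_exposes_plaintext(stored: str, password: str) -> bool:
    """True if the stored record would hand a leaker the password directly."""
    return password in stored


if __name__ == "__main__":
    store = build_demo_store()
    for email, record in store.items():
        print(email, "->", record[:40] + "...")
    print("alice logs in:", verify_password("123456", store["alice@example.invalid"]))
    print("wrong password:", verify_password("password", store["alice@example.invalid"]))
```

A dump taken from a store like this would contain only salted digests, so even identical weak passwords across accounts would not be visible as such; a list where the password column reads "123456" in the clear therefore points to collection at the endpoint (keyloggers, browser credential theft) or to repackaging of older leaks, not to the service's own database.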
LeakedSource said the data is currently being traded on the dark web though it gives no indication of how much the data is being sold for. However, according to the online hacktivist known as The Jester, the data dump is being offered for a relatively low price of 10 bitcoins (around $5,800 at current prices), which suggests the database could simply be details from previous leaks repackaged to look like it has come from Twitter.
“After checking the dump against current Twitter registered emails and two old emails, the alleged TWITTER DB dump is made up of records from the last two previous Tumblr and LinkedIn breaches,” Jester said on his website, backing this up by saying old Twitter-registered emails — that appeared in the Tumblr and LinkedIn breaches — also showed up in this database while current Twitter-registered email addresses did not.
The database was given to LeakedSource by a user who goes by the alias “Tessa88@exploit.im” who also provided the website with over 167 million LinkedIn credentials, 360 million Myspace accounts and most recently 171 million details on users of VKontakte (or VK), the equivalent of Russia’s Facebook. In total, LeakedSource now has a searchable database of over 1.8 billion stolen records.
Analysis by LeakedSource of the 32,888,300 Twitter records — each of which contains an email address, a username and a visible password — suggests that many of the victims are based in Russia, with mail.ru email addresses being the most prevalent in the leaked data.
Twitter has not officially responded to the latest leak, but Michael Coates, who works on Twitter’s security team, said the company had seen the data and is working with LeakedSource to help protect those customers who are affected.
We have investigated reports of Twitter usernames/passwords on the dark web, and we're confident that our systems have not been breached.
— Michael Coates ஃ (@_mwc) June 9, 2016
Users can search the database here to see if they have been affected, and those seeking to add more security to their Twitter account can switch on two-factor authentication, which means anyone trying to log into the account from a new device will also need a security code that is sent to the account holder's phone.
Once again, the list of the most common passwords seen in the data shows a recognizable pattern with the likes of “123456,” “password” and “qwerty” all among the top five.
Last week Facebook’s CEO Mark Zuckerberg was left with egg on his face when his Pinterest and Twitter accounts were briefly hacked. The details came from the LinkedIn breach that happened in 2012: the founder of the world’s biggest social network had reused the password “dadada.”
LeakedSource said it “triple checked” to see if Zuckerberg’s details were in the most recent data dump, but concluded he wasn’t a victim this time around.