June 9, 2016

Faster, harder, Twitter: millions of passwords leaked


Everyone likes Twitter. Well, okay, maybe not everyone, but at least 310 million users visit the microblogging platform monthly. And now these 310 million have to consider changing their Twitter passwords. This is not because their passwords are as insecure as 123456 or something like that, but because a database of 379 million Twitter accounts with passwords is now being sold on the Darknet.


‘Astrologers proclaimed a month of leaks. The population of leaks doubled.’ If you know what I mean. The announcement about 117 million LinkedIn accounts was shortly followed by the leak of several hundred million MySpace and Tumblr accounts, then by 100 million VK.com accounts. Now the hacker associated with those leaks, Tessa88, claims to have 379 million Twitter accounts. And they are for sale for just 10 bitcoins, which is about $5,280.

379 million seems to be a bit bigger than Twitter’s monthly audience, but the analysis done by LeakedSource shows that there are in fact a little more than 32 million unique accounts. Yet 32 million is still a big deal.

LeakedSource believes that it is not Twitter that is to blame for the leak, but the users themselves. It looks like Twitter was not hacked, because the passwords in the database were in plain text, and LeakedSource is sure that Twitter was not storing them in plain text.

So the passwords were probably stolen from browsers infected by some type of malware that was stealing all the credentials it could. Yes, malware is not only about encrypting your girlfriend’s pictures and terrorizing hospitals. It’s about collecting huge sets of credentials as well.

Ok, let’s get to the takeaway. Are you a Twitter user? Then you’d better do the following:

  1. Change your password. Right now!
  2. Remember that a password like 123456789 is NOT OK. Even so, LeakedSource noted that 32,775 accounts in this database used exactly that password.

    We can help you create a strong and yet easy to memorize password. You can also test out what combinations are the strongest with our Password Checker. It is free and we do not store data. It is just a good educational tool to aid you in creating a strong password.

  3. Did you reuse your Twitter password on other accounts? Then don’t forget to change those too. That’s how Mark Zuckerberg’s Twitter account was stolen recently: the hackers learned his email and password from the LinkedIn leak and (surprise!) they were the same on Twitter. The lesson: never reuse your passwords.
  4. Install a good security solution. Among other good things, it will protect you from malware that can steal your data, so you won’t find your precious account leaked in a case like this one.