Was Twitter Hacked? 32 Million Accounts up for Sale
Posted by: Timothy Weaver on 06/10/2016 12:46 PM
[
Comments
]
A hacker is making noise about having more than 32 million Twitter account credentials.
This comes on top of the news of other hacks where criminals have posted account credentials for LinkedIn (167 million), Myspace (360 million), Tumblr (65 million), and VK (170 million).
Those accounts were put up for sale by the hacker named Tessa88@exploit.im. The Twitter accounts include 32,888,300 records, each containing user’s email address, username, possibly a second email, and a password.
The records also show the easy passwords that are included. Apparently, people are still using the same password for multiple accounts and are easy to crack. “123456” was the password occurring the most in the leak (120,417 times), followed by “123456789” (32,775 occurrences) and “qwerty” (22,770 occurrences).
It is unclear as to how the site was hacked. IT Security expert Sorin Mustaca writes: “Interesting enough, Leakedsource writes that they have "very strong evidence that Twitter was not hacked", rather the users got infected with some malware which stole credentials directly from the browsers of any account, not only Twitter's. However, there is no clear evidence presented that this is indeed the case. Their explanation for malware stealing credentials from browser is not entirely valid.”
Twitter stress that they are looking into the data and want to remind people that these weak passwords are the first thing a criminal will try in hacking accounts.
These recent breaches have prompted some tech firms to advise users to reset their passwords to something stronger and in that vein Microsoft has already announced that it will ban weak passwords.
Source: Security Week
This comes on top of the news of other hacks where criminals have posted account credentials for LinkedIn (167 million), Myspace (360 million), Tumblr (65 million), and VK (170 million).Those accounts were put up for sale by the hacker named Tessa88@exploit.im. The Twitter accounts include 32,888,300 records, each containing user’s email address, username, possibly a second email, and a password.
The records also show the easy passwords that are included. Apparently, people are still using the same password for multiple accounts and are easy to crack. “123456” was the password occurring the most in the leak (120,417 times), followed by “123456789” (32,775 occurrences) and “qwerty” (22,770 occurrences).
It is unclear as to how the site was hacked. IT Security expert Sorin Mustaca writes: “Interesting enough, Leakedsource writes that they have "very strong evidence that Twitter was not hacked", rather the users got infected with some malware which stole credentials directly from the browsers of any account, not only Twitter's. However, there is no clear evidence presented that this is indeed the case. Their explanation for malware stealing credentials from browser is not entirely valid.”
Twitter stress that they are looking into the data and want to remind people that these weak passwords are the first thing a criminal will try in hacking accounts.
These recent breaches have prompted some tech firms to advise users to reset their passwords to something stronger and in that vein Microsoft has already announced that it will ban weak passwords.
Source: Security Week
Comments
