‘Tens of millions’ of Twitter passwords have been leaked online
If you’re a Twitter user, now might be a good time to revise your password. Leaked Source, a data research group, reported on Wednesday that ‘tens of millions’ of Twitter credentials have been traded on what is being called the ‘dark web’.
The dark web, a haven for hackers, is a network of websites that require special tools to be accessed. The main appeal in such websites is that users can remain anonymous and make illicit business deals in exchange for sensitive information.
Leaked Source says that it has obtained a large data set of 32,888,300 Twitter records, each of which “may contain an email address, a username, sometimes a second email and a visible password.” It has also come to light that the hackers designed a malware to gather usernames and passwords from browsers which means Twitter itself may not have been hacked.
In a recent tweet, Twitter security officer Michael Coates said:
“We have investigated reports of Twitter usernames/passwords on the dark web, and we’re confident that our systems have not been breached.”
The analysts at Leaked Source have also made a compilation of the recently leaked data which has surprising revelations. According to that blog post, a vast majority of people set their password as ‘12345’, ‘qwerty’ and ‘123456789’. Interestingly enough 4,001 set their Twitter password as ‘Pakistan’ which hints that a large number of accounts from Pakistan could have been compromised.
However, Russians users appear to have been hit the hardest as over 7 million email domains ending in *.ru were affected. Government officials have also not been spared as it has come to light 3,022 email IDs ending in *.gov were affected.
We securely store all passwords w/ bcrypt. We are working with @leakedsource to obtain this info & take additional steps to protect users.
— Michael Coates ஃ (@_mwc) June 9, 2016
Amidst all this, Michael Coates tweeted today that the social network is taking the necessary precautions to keep their users safe.
All the leaked data is publicly available on the Leaked Source website.