Author Topic: Warning! 32 Million Twitter Passwords May Have Been Hacked and Leaked  (Read 909 times)

Offline jasonX

  • Most Valuable Member
  • Youngling
  • *
  • Posts: 37
    • View Profile
Warning! 32 Million Twitter Passwords May Have Been Hacked and Leaked

Our world today is FULL of data breaches soon it will be just a matter of time till anything can be breached IF we will not rethink our ways and try to find ways to be always more secure. Being secure and safe nowadays is a must and must be checked always also.

Swati Khandelwal of thehackernews.com shares the details below as well as related story from telegraph.co.uk



The world came to know about massive data breaches in some of the most popular social media websites including LinkedIn, MySpace, Tumblr, Fling, and VK.com when an unknown Russian hacker published the data dumps for sale on the underground black marketplace.
However, these are only data breaches that have been publicly disclosed by the hacker. I wonder how much more stolen data sets this Russian, or other hackers are holding that have yet to be released. The answer is still unknown, but the same hacker is now claiming another major data breach, this time, in Twitter.

Quote
Login credentials of more than 32 Million Twitter users are now being sold on the dark web marketplace for 10 Bitcoins (over $5,800).
LeakedSource, a search engine site that indexes leaked login credentials from data breaches, noted in a blog post that it received a copy of the Twitter database from Tessa88, the same alias used by the hacker who provided it hacked data from Russian social network VK.com last week.

The database includes usernames, email addresses, sometimes second email addresses, and plain-text passwords for more than 32 Million Twitter accounts. Twitter strongly denied the claims by saying that "these usernames and credentials were not obtained by a Twitter data breach" – their "systems have not been breached," but LeakedSource believed that the data leak was the result of malware.

"Tens of millions of people have become infected by malware, and the malware sent every saved username and password from browsers like Chrome and Firefox back to the hackers from all websites including Twitter," LeakedSource wrote in its blog post.

But, do you remember how Facebook CEO Mark Zuckerberg Twitter account was compromised?

The hackers obtained Zuck's account credentials from the recent LinkedIn data breach, then broke his SHA1-hashed password string, tried on his several social media accounts and successfully hacked Zuckerberg’s Twitter and Pinterest account.

So, one possibility could also be that the alleged Twitter database dump of over 32 Million users is made up of already available records from the previous LinkedIn, MySpace and Tumblr data breaches.

The hacker might just have published already leaked data from other sites and services as a new hack against Twitter that actually never happened.
Whatever the reason is, the fact remain that hackers may have had their hands on your personal data, including your online credentials.
So, it’s high time you changed your passwords for all social media sites as well as other online sites if you are using the same password.

Source HERE


Related story:

Russian hackers sell 33 million Twitter passwords online

Usernames and passwords of almost 33 million Twitter users have been obtained by a Russian hacker and put up for sale online.

The leak, which covers a tenth of Twitter’s users, comes after several high-profile Twitter accounts including Facebook’s Mark Zuckerberg and singer Katy Perry were broken into.

Quote
Twitter denied that its own security had been breached, but said it was checking to see if accounts had been compromised by other huge password leaks.

The data for sale online may have come from hackers checking Twitter usernames against email and password combinations from security breaches at Myspace and LinkedIn.

Millions of passwords from both social networks have been put up for sale on the dark web in recent weeks that were obtained in hacks that date back to 2011. Since many people re-use passwords across the web, a trial and error approach on other social networks could result in many successful attacks.

It is believed that trying LinkedIn and Myspace passwords on Twitter accounts is how several celebrity Twitter accounts have been hacked into over the last week.

A hacking group called OurMine accessed Zuckerberg's account this week, revealing that his password had been "dadada". Rock group Tenacious D's account was breached resulting in a Jack Black death hoax, and others including Lana Del Rey and Keith Richards were affected.

A spokesman for Twitter said it is "confident" that it hasn't been hacked.

"We are confident that these usernames and credentials were not obtained by a Twitter data breach – our systems have not been breached," the company said. "In fact, we’ve been working to help keep accounts protected by checking our data against what’s been shared from recent other password leaks."

Security blog LeakedSource said the data contained 32.9m records. The hacker is reportedly selling the data for 10 bitcoins (£4,000).

Richard Parris, head of cybersecurity company Intercede, said the incidents show that passwords are "no longer fit" for purpose.

"Passwords and usernames need to be consigned to the dusty archives of yesteryear," said Parris. "Online platforms hold masses of sensitive personal data about millions of consumers, and should not be relying on outdated password authentication."

Source HERE