Are 32 million Twitter passwords being sold on the dark web?
Social media giant 'confident' its systems have not been hacked after website reports data breach
Millions of Twitter passwords have reportedly surfaced online and are being sold on the dark web.
LeakedSource, which collects credentials from data breaches, says it has received more than 32 million records, including email addresses, usernames and passwords.
"We have very strong evidence that Twitter was not hacked, rather the consumer was," it says.
Subscribe to The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
A spokesperson for the social media giant said it was "confident" its systems had not been breached.
LeakedSource believes that malware was responsible for the breach and sent usernames and passwords saved in browsers such as Chrome and Firefox to the hackers.
A Russian, known by his alias Tessa88, is selling the credentials for 10 bitcoins, or about £4,000, according to Zdnet.
The most commonly used passwords in the data cache included "123456", "qwerty" and "password".
These are not good passwords, says Mashable. "An analogy to using these would be locking your front door, but then leaving keys on your porch. And breaking the lock. And punching a big hole in the door."
However, nearly 150,000 of the passwords contained more than 30 characters, which means that the strength of a password "is irrelevant" if the user has been infected with the malware, says LeakedSource. Turning on two-factor authentication will help keep an account more secure.
Based on the emails provided, many of the affected users appear to be from Russia. The site says it has verified the authenticity of the passwords with 15 users, all of whom confirmed they were genuine.
But some experts have expressed scepticism about the authenticity of the data, Tech Crunch reports.
"They may well be old leaks if they're consistent with the other big ones we've seen and simply haven't seen the light of day yet," said Troy Hunt, the creator of a site called haveibeenpwned.com, which catalogues breaches.
Create an account with the same email registered to your subscription to unlock access.
Sign up for Today's Best Articles in your inbox
A free daily email with the biggest news stories of the day – and the best features from TheWeek.com
-
5 carefully selected cartoons about the Trump-Daniels jury selection process
Cartoons Artists take on a stress-free life, rare peers, and more
By The Week US Published
-
Loire Valley Lodges review: sleep, feast and revive in treetop luxury
The Week Recommends Forest hideaway offers chance to relax and reset in Michelin key-winning comfort
By Julia O'Driscoll, The Week UK Published
-
Myanmar: the Spring Revolution and the downfall of the generals
Talking Point An armed protest movement has swept across the country since the elected government of Aung San Suu Kyi was overthrown in 2021
By The Week Staff Published
-
How technology helps and harms endangered languages
Under the radar Languages are disappearing at fastest rate in history, accelerated by digital dominance of English
By Harriet Marsden, The Week UK Published
-
Spain spends €258m on trains too big for tunnels
feature And other stories from the stranger side of life
By Chas Newkey-Burden Published
-
Animal shelter will name cat litter tray after your ex
feature And other stories from the stranger side of life
By Chas Newkey-Burden Published
-
‘Unsettling’ bid to bring dodo back to life
feature And other stories from the stranger side of life
By The Week Staff Published
-
Your LinkedIn contact could be a deepfake
feature And other stories from the stranger side of life
By The Week Staff Published
-
AI beats humans at bridge
feature And other stories from the stranger side of life
By The Week Staff Published
-
Who masterminded largest-ever cyberattack on Israel?
Under the Radar Defence officials point finger at Iran after government websites knocked offline
By The Week Staff Published
-
‘It is the internet’: Rohingya launch $150bn Facebook lawsuit over genocide hate speech
In Depth Victims in UK and US legal action claim social media giant failed to prevent incitement of violence
By The Week Staff Published