Just a few weeks after a Myspace hack saw the theft of 360 million accounts, another major social media platform has apparently been breached for 32 million login credentials.
Though Twitter says that no breach has taken place, a hacker claims to have stolen 32,888,300 records, each containing an email address, username, possibly a second email and a visible password. LeakedSource, a site featuring a search engine of leaked login information, claimed that it received a copy of the data from a user who goes by the handle “Tessa88@exploit.im.”
According to the post on LeakedSource’s blog, tens of millions of Twitter login credentials are being sold on the dark web. While LeakedSource claims to have “strong evidence” that Twitter was not hacked, they go on to credit malware as the likely cause of the breach.
“The explanation for this is that tens of millions of people have become infected by malware, and the malware sent every saved username and password from browsers like Chrome and Firefox back to the hackers from all websites including Twitter,” stated the blog post.
In an encrypted chat with ZDNet, Tessa88 claimed to be selling the dataset for 10 bitcoins, or $5820. While hackers have breached several major companies recently, including 360 million accounts from Myspace just last month and 100 million accounts from LinkedIn in 2012. Several high profile individuals such as Mark Zuckerberg have been hacked also.
LeakedSource confirmed that Zuckerberg’s data was not in the most recent set of stolen Twitter logins and also estimates that the malware was likely spread to Russian users.
The blog post goes on to confirm that over 5 million of the stolen accounts were associated with @mail.ru email accounts, a Russian domain. Furthermore, users are increasingly careless when setting passwords, citing the four most used passwords as 123456, 123456789, qwerty and password.