Twitter moves to quash reports on leaked passwords
The social network updated its statement in a blog post on Friday, urging users to employ HTTPS everywhere and security for email from twitter.com, and secure account credentials using bcrypt.
LeakedSource echoed Twitter’s line, telling the Wall Street Journal that it has “very strong evidence that Twitter wasn’t hacked, rather the consumer was”, identifying formatting techniques that suggested the data was captured from malware-infected computers rather than a master Twitter database.
Twitter has forced a password reset on an unnamed number of accounts exposed this week in a dump of 32.8 million account names and credentials.
“In each of the recent password disclosures, we cross-checked the data with our records”.
LeakedSource said the cache of Twitter data contains 32,888,300 records, including email addresses, usernames and passwords.
And, in case you were concerned about Mark Zuckerberg’s Twitter account, no worries: his account isn’t showing up in this dataset. That way, a breach of, say, your Twitter password won’t also put your bank account at risk.
Based on the information in the data, it is believed that the passwords were collected by malware infecting commonly used browsers such as Google Chrome and Firefox.
The report says that the micro-blogging website is now asking its users to change their passwords.
Coates said the San Francisco microblogging company has notified users whose “accounts were identified for extra protection”, and some users were asked to reset their passwords.
In an interview with Wired, one of the hackers selling users’ login information said that he or she had initially offered the data privately to spammers and others targeting specific individuals’ accounts before putting it up for public sale.
Twitter, meanwhile, did not give a specific number, but confirmed that “millions” of accounts are affected.
Twitter rubbished the hacking claims and said there was no breach in their systems, and they are working with LeakedSource to get the data. This checking is conducted by comparing the hash of passwords, a mathematical representation of the password, in the leaked files with the hash of user passwords stored on the companies’ servers. The Russian has also been linked to the recent data leaks of LinkedIn, MySpace and Tumblr users.
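One way to run the cross-check described above when the stored hashes are salted, as an added example that is not Twitter's or LeakedSource's code. It assumes the dump holds plaintext passwords, uses PBKDF2 from the standard library as a stand-in for bcrypt, and all function names and sample accounts are constructed for illustration.

```python
import hashlib
import hmac
import os

# Stand-in for bcrypt so the example runs on the standard library alone;
# the iteration count is an assumption chosen for illustration.
ITERATIONS = 100_000

def hash_password(password: str, salt: bytes) -> bytes:
    """Derive the stored verifier from a password and a per-user salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def make_record(password: str) -> dict:
    """Build what the service keeps at signup: a random salt and the hash."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}

def find_exposed_accounts(leaked, stored):
    """Return usernames whose leaked password still matches the stored hash.

    leaked: iterable of (username, plaintext_password) pairs from the dump.
    stored: dict mapping lowercase username -> {"salt": bytes, "hash": bytes}.
    """
    exposed = set()
    for username, candidate in leaked:
        name = username.strip().lower()
        record = stored.get(name)
        if record is None:
            continue  # name in the dump is not an account on this service
        # Salted hashes cannot be compared across files: recompute with this user's salt.
        derived = hash_password(candidate, record["salt"])
        if hmac.compare_digest(derived, record["hash"]):
            exposed.add(name)
    return sorted(exposed)

# Constructed sample data, not real accounts or real leaked credentials.
STORED = {
    "alice": make_record("correct horse battery"),
    "bob": make_record("hunter2-rotated"),
    "carol": make_record("Tr0ub4dor&3"),
}
LEAKED = [
    ("Alice", "correct horse battery"),  # still valid: force a reset
    ("bob", "hunter2"),                  # stale: password already changed
    ("carol", "Tr0ub4dor&3"),            # still valid: force a reset
    ("dave", "letmein"),                 # no such account
]

if __name__ == "__main__":
    print(find_exposed_accounts(LEAKED, STORED))
```

Only accounts whose leaked password still verifies need a forced reset; stale entries and unknown usernames drop out of the result.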