Skip to main content

Time to change your Twitter password: 32 million accounts may have been hacked

Mark Zuckerberg, Katy Perry, Keith Richards, Tame Impala, Drake, Tenacious D, oh, and Twitter founder Evan Williams. What do they have in common? They’ve all had their Twitter accounts compromised in recent days, that’s what.

And late Thursday it emerged the apparent hack could be serious. Like 32-million-accounts serious.

The login credentials for what would be more than 10 percent of the microblogging site’s active user base were most likely collected via malware rather than a hack on Twitter’s own servers, according to LeakedSource, a site that holds information on data leaks. It suggested the computers of “tens of millions of people” have been infected by malware that “sent every saved username and password from browsers like Chrome and Firefox back to the hackers.”

Michael Coates, Twitter’s trust and information security officer, insisted its own systems are secure and so any stolen data could not have come from a direct hack.

He added that the company securely stores all passwords and has contacted LeakedSource as part of its investigation into the matter.

LeakedSource said the cache of Twitter data was being traded on the dark web by a hacker for 10 Bitcoins (currently around $5,800).

“Tessa88,” the supposed name of the hacker, presented LeakedSource with Twitter data that includes usernames, email addresses, and visible passwords. Interestingly, the site noted that the details of Mark Zuckerberg, whose Twitter account was recently hacked, were not in the data set, adding that more than likely “the malware was spread to Russians.”

You may not be Russian and you may not be a celebrity, but considering how many Twitter passwords appear to be knocking around out there just now, evidenced by this latest report and the flurry of account hacks in recent days, you’d do well to change yours now.

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Your Siri conversations may have been recorded without your permission
iOS 16 and Mac Ventura on Apple devices.

Apple has patched a security flaw that left macOS and iOS devices vulnerable to having interactions with Siri spied upon and recorded when using accessories such as AirPods or Beats headsets via Bluetooth.

The flaw, which is now referred to as vulnerability CVE-2022-32946, was discovered by app developer Guilherme Rambo, according to Apple Insider.

Read more
Chrome extensions with 1.4M users may have stolen your data
Google Chrome icon in mac dock.

McAfee researchers have discovered various Google Chrome extensions that steal browsing activity, with the add-ons racking up more than a million downloads.

As reported by Bleeping Computer, threat analysts at the digital security company have come across a total of five such malicious extensions.

Read more
This Twitter vulnerability may have revealed owners of burner accounts
Twitter app on the OnePlus 10T.

Twitter recently announced the existence of a security vulnerability that poses a particular risk for anonymous and pseudonymous Twitter accounts.

On Friday, the popular social media platform published a blog statement describing the nature of the security vulnerability, which, if exploited, could let someone send contact information (phone numbers, email addresses) to Twitter's systems, which would then "tell the person what Twitter account the submitted email addresses or phone number are associated with, if any." Essentially, with this bug, if you had someone's contact information, you could use it to figure out which accounts on Twitter were theirs.

Read more