Mark Zuckerberg, Katy Perry, Keith Richards, Tame Impala, Drake, Tenacious D, oh, and Twitter founder Evan Williams. What do they have in common? They’ve all had their Twitter accounts compromised in recent days, that’s what.
And late Thursday it emerged the apparent hack could be serious. Like 32-million-accounts serious.
The login credentials for what would be more than 10 percent of the microblogging site’s active user base were most likely collected via malware rather than a hack on Twitter’s own servers, according to LeakedSource, a site that holds information on data leaks. It suggested the computers of “tens of millions of people” have been infected by malware that “sent every saved username and password from browsers like Chrome and Firefox back to the hackers.”
Michael Coates, Twitter’s trust and information security officer, insisted its own systems are secure and so any stolen data could not have come from a direct hack.
“We have investigated reports of Twitter usernames/passwords on the dark web, and we’re confident that our systems have not been breached.”
— Michael Coates ஃ (@_mwc) June 9, 2016
He added that the company securely stores all passwords and has contacted LeakedSource as part of its investigation into the matter.
“We securely store all passwords w/ bcrypt. We are working with @leakedsource to obtain this info & take additional steps to protect users.”
— Michael Coates ஃ (@_mwc) June 9, 2016
LeakedSource said the cache of Twitter data was being traded on the dark web by a hacker for 10 Bitcoins (currently around $5,800).
“Tessa88,” the supposed name of the hacker, presented LeakedSource with Twitter data that includes usernames, email addresses, and visible passwords. Interestingly, the site noted that the details of Mark Zuckerberg, whose Twitter account was recently hacked, were not in the data set, adding that more than likely “the malware was spread to Russians.”
You may not be Russian and you may not be a celebrity, but considering how many Twitter passwords appear to be knocking around out there just now, evidenced by this latest report and the flurry of account hacks in recent days, you’d do well to change yours now.