Millions of Twitter account passwords may have been stolen and sold on the ‘dark web’. A Russian hacker who claims to have obtained an enormous database of Twitter account data has put it up for sale at a price of 10 bitcoin.
A few days after the news of the hijacking of Mark Zuckerberg’s Twitter account, the popular social network is back in the spotlight for another case of unauthorized removal and dissemination of the personal data needed to access it. This time, however, it is not just one user who is involved, but millions of accounts. A Russian hacker, Tessa88, already involved in the recent cases of dissemination of personal data from MySpace, LinkedIn and Tumblr accounts, claimed on Tuesday, in an encrypted chat, to be in possession of a substantial database that includes the e-mail addresses, names and passwords of Twitter users. The hacker is selling the entire database at a price of 10 bitcoin.
According to the information initially provided by the hacker, the database includes 379 million accounts, but a later analysis by LeakedSource, which managed to get hold of the database, reduced the number to over 32 million accounts after removing duplicates. Each of the 32,888,300 database entries contains an email address, a username and, in some cases, a second email address and a readable password.
According to LeakedSource, the unauthorized disclosure of the account data was not the result of a breach of Twitter’s database, but rather of malware that sent the hackers the usernames and passwords stored in users’ web browsers. Because the passwords were stolen directly from end users, they were not encrypted in any way.
As in similar cases of unauthorized disclosure of personal data, it will be important to establish how far the leaked data actually corresponds to accounts that still exist and are active. LeakedSource checked the passwords of a small group of users and said: “These credentials, however, are real and valid.” Many of the passwords belong to Russian users. Twitter has also responded officially, saying it has started the appropriate checks to verify whether the illicitly circulated passwords match the ones in its database.
LeakedSource’s analysis of the database also highlights another fact that gives pause for thought: among the most used passwords are the number sequences ‘123456’ and ‘123456789’, followed by ‘qwerty’ and ‘password’. This suggests that users still choose passwords rather lightly, picking predictable ones – although, when unencrypted data is stolen, the greater or lesser complexity of the password makes no difference. Pending further evidence on this new data theft, it is advisable to change the password of your Twitter account, as you should do periodically regardless of this case.