This week a Russian hacker offered for sale more than 32 million Twitter account credentials on the Dark Web.
The alleged Russian hacker offered Twitter account credentials for 10 Bitcoins (over $5,800). In response to the data leak Twitter has reset an unknown number of accounts.
According to Twitter the data weren’t stolen from its systems, instead, they were alleged gathered through a malware-based attack on its users.
“We’ve investigated claims of Twitter @names and passwords available on the “dark web,” and we’re confident the information was not obtained from a hack of Twitter’s servers.” reported Twitter in a blog post.
“The purported Twitter @names and passwords may have been amassed from combining information from other recent breaches, malware on victim machines that are stealing passwords for all sites, or a combination of both. Regardless of origin, we’re acting swiftly to protect your Twitter account.”
The company decided to adopt further security measures to protect accounts whose data are available in the criminal underground. Its experts identified valid login credentials leaked online, then locked the accounts and reset their passwords.
“In each of the recent password disclosures, we cross-checked the data with our records. As a result, a number of Twitter accounts were identified for extra protection. Accounts with direct password exposure were locked and require a password reset by the account owner.”
Twitter also included in the post some recommendations for the protection of the accounts and more in general about the correct use of passwords.
Below the suggestion published in the post:
(Security Affairs – Twitter account credentials,data)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.