Twitter data breach – “Our systems have not been breached”

There is no evidence of a Twitter data breach


32,888,300 login details of Twitter users have been put up for sale on the Dark Web. A user going by the alias Tessa88@exploit.im is asking for 10 bitcoins (£4060.20 at today's exchange rate) from anyone who wants a copy of the list. Twitter, however, is confident that this is not a breach of its network.

It is believed that the details may have been gathered by combining information from other recent website breaches, by malware on victims' machines that steals saved passwords for all sites, or by a combination of both. Twitter has cross-checked the data against its own records; accounts it identified as needing extra protection have been locked and require a password reset by the account owner.

LeakedSource, a site that keeps a database of leaked login credentials, added a copy of the data to its searchable repository. Credentials on the list have been verified as real and valid, and LeakedSource gives the following explanation as proof that this was not a Twitter data breach:

The join dates of some users with uncrackable (yet plaintext) passwords were recent. There is no way that Twitter stores passwords in plaintext in 2014 for example.

There was a very significant amount of users with the password “<blank>” and “null”. Some browsers store passwords as “<blank>” if you don’t enter a password when you save your credentials.

The top email domains don’t match up to a full database leak; more likely the malware was spread to Russians.
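The indicators LeakedSource describes (plaintext passwords, browser placeholder values such as “<blank>” and “null”, and the spread of email domains) can be measured on any credential list handed to an analyst. The script below is an added example, not LeakedSource's or Twitter's method; the function names, thresholds and sample rows are constructed assumptions.

```python
import re
from collections import Counter

# Placeholder strings the article says some browsers save when no password was entered.
PLACEHOLDERS = {"<blank>", "null"}

# Shapes of common stored hashes: MD5/SHA-1/SHA-256 hex digests and crypt-style "$id$..." strings.
HASH_RE = re.compile(
    r"^(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64}|\$[0-9a-z]+\$.+)$"
)

def triage(records):
    """Summarise a list of (email, password) pairs from a suspected dump."""
    records = list(records)
    total = len(records)
    if total == 0:
        raise ValueError("empty dump")
    placeholders = sum(1 for _, pw in records if pw.strip().lower() in PLACEHOLDERS)
    hashed = sum(1 for _, pw in records if HASH_RE.match(pw))
    domains = Counter(
        email.rsplit("@", 1)[-1].lower() for email, _ in records if "@" in email
    )
    return {
        "total": total,
        "placeholder_ratio": placeholders / total,   # browser-saved empty passwords
        "plaintext_ratio": (total - hashed) / total,  # a server-side leak would be mostly hashes
        "top_domains": domains.most_common(3),        # compare with the service's real user base
    }

def looks_like_client_side_harvest(stats, placeholder_min=0.01, plaintext_min=0.5):
    """Thresholds are illustrative assumptions, not values published by LeakedSource."""
    return (stats["placeholder_ratio"] >= placeholder_min
            and stats["plaintext_ratio"] >= plaintext_min)

# Constructed sample rows (not real credentials).
SAMPLE = [
    ("user1@mail.ru", "qwerty123"),
    ("user2@yandex.ru", "<blank>"),
    ("user3@mail.ru", "null"),
    ("user4@example.com", "Tr0ub4dor&3"),
    ("user5@mail.ru", "5f4dcc3b5aa765d61d8327deb882cf99"),  # MD5-shaped value
]

if __name__ == "__main__":
    stats = triage(SAMPLE)
    print(stats, looks_like_client_side_harvest(stats))
```

A list that is mostly hash-shaped values with no placeholder entries points the other way, towards a copy of a server-side credential store.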

Password concerns


LeakedSource also lists some of the passwords Twitter users chose, and the list shows that a lot of people are not following good password practices. You can read an earlier post of mine regarding password security. If you are using simple passwords and/or reusing them on multiple sites, change your habits now.

Malware concerns

There is also serious concern about malware harvesting credentials, not just for Twitter but for any website that your browser may have saved passwords for. Check your computer regularly for viruses and malware. If you don’t feel confident doing this, take your computer to a local computer repair company and ask them to check it for you.
