Almost 33 million Twitter accounts have been hacked and the data posted online for sale, according to leakedsource.com.
The data was posted on dark web, closed-off part of internet where illicit operations often take place, by user “[email protected].”
The data includes user names, emails, sometimes secondary emails, and Twitter passwords.
“We have very strong evidence that Twitter was not hacked, rather the consumer was,” Leakedsource stated, meaning hackers likely collected the data from malware-infected computers, rather than Twitter servers.
Twitter’s Trust and Information Security officer, Michael Coates, confirmed Twitter was not hacked.
“We have investigated reports of Twitter usernames/passwords on the dark web, and we’re confident that our systems have not been breached,” Coates tweeted.
We securely store all passwords w/ bcrypt. We are working with @leakedsource to obtain this info & take additional steps to protect users.
— Michael Coates ஃ (@_mwc) June 9, 2016
Leakedsource offered an explanation, that “the malware sent every saved username and password from browsers like Chrome and Firefox back to the hackers from all websites, including Twitter.”
That would mean users who had their Twitter account breached this time should also change their other passwords and possibly reinstall their computers.
It may be premature to link recent celebrity Twitter hacks to this leak.
In recent months Katty Perry, Mark Zuckerberg, and the NFL had their Twitter accounts hacked.
There are two reasons to believe this massive leak may be unrelated.
First, based on the leaked email addresses, more than 7 million had the Russian domain (.ru). Leakedsource stated that “more likely the malware was spread to Russians.”
And second, “we triple checked, Mark Zuckerberg isn’t in this data set,” the website stated.
The hacker who took credit for hacking Zuckerberg’s Twitter indicated he gained the access information from the LinkedIn leak that put over 100 million people’s account details on a dark web last month.
