Russian Hacker Tries to Sell 33 Million Twitter Accounts, 123456 Is Most Popular Password

June 9, 2016 1:32 pm Last Updated: June 9, 2016 8:23 pm

Almost 33 million Twitter accounts have been hacked and the data posted online for sale, according to leakedsource.com.

The data was posted on dark web, closed-off part of internet where illicit operations often take place, by user “[email protected]

The data includes user names, emails, sometimes secondary emails, and Twitter passwords.

“We have very strong evidence that Twitter was not hacked, rather the consumer was,” Leakedsource stated, meaning hackers likely collected the data from malware-infected computers, rather than Twitter servers.

Twitter’s Trust and Information Security officer, Michael Coates, confirmed Twitter was not hacked.

“We have investigated reports of Twitter usernames/passwords on the dark web, and we’re confident that our systems have not been breached,” Coates tweeted. 

Leakedsource offered an explanation, that “the malware sent every saved username and password from browsers like Chrome and Firefox back to the hackers from all websites, including Twitter.”

That would mean users who had their Twitter account breached this time should also change their other passwords and possibly reinstall their computers.

It may be premature to link recent celebrity Twitter hacks to this leak.

In recent months Katty Perry, Mark Zuckerberg, and the NFL had their Twitter accounts hacked.

There are two reasons to believe this massive leak may be unrelated.

First, based on the leaked email addresses, more than 7 million had the Russian domain (.ru). Leakedsource stated that “more likely the malware was spread to Russians.”

And second, “we triple checked, Mark Zuckerberg isn’t in this data set,” the website stated.

The hacker who took credit for hacking Zuckerberg’s Twitter indicated he gained the access information from the LinkedIn leak that put over 100 million people’s account details on a dark web last month.

Leakedsource gathers leaked data and allows anyone to search the data. Users can also remove their own data from the database.

“123456” Most Popular Password

Leakedsource published a list of the most popular passwords among the hacked Twitter accounts. We wouldn’t recommend most of them—especially any from the top 10.

But there are also surprisingly popular ones, like the “9-11-1961,” that more than 10,000 user picked as their password. Is it Sept. 11, 1961? Or Nov. 9, 1961? Was that just a day a lot of future Twitter users were born, or is there some special meaning to the date?

Perhaps even more surprisingly, over 6,600 users picked password “cepetsugih.” Cepet sugih means “rich quick” in Javanese, a language spoken by almost 100 million people, mainly Javanese, the largest ethnic group of Indonesia.

More than 5,400 people picked the password “iloveyou.”

Rank

Password

Frequency

1

123456

120,417

2

123456789

32,775

3

qwerty

22,770

4

password

17,471

5

1234567

14,401

6

1234567890

13,799

7

12345678

13,380

8

123321

13,161

9

111111

12,138

10

12345

11,239

11

123123

11,099

12

9/11/1961

10,444

13

9111961

10,231

14

0

10,124

15

666666

9,264

16

555555

8,586

17

1q2w3e4r5t

8,386

18

654321

8,358

19

1234

8,257

20

gfhjkm

7,773

21

7777777

7,659

22

222222

6,696

23

cepetsugih

6,603

24

777777

6,539

25

999999

6,428

26

112233

6,398

27

1q2w3e4r

6,178

28

888888

5,784

29

333333

5,772

30

qwerty123

5,666

31

iloveyou

5,443

32

exigent

5,355

33

159753

5,063

34

123qwe

4,934

35

abc123

4,816

36

qwertyuiop

4,797

37

1qaz2wsx

4,753

38

1q2w3e

4,493

39

qqww1122

4,244

40

pakistan

4,001

41

987654321

3,926

42

qwe123

3,597

43

samsung

3,351

44

q1w2e3r4

3,271

Less than 1.5 percent of the 32,888,300 hacked accounts used any of 44 most popular (and mostly weak) passwords. Also, since the passwords were probably extracted through malware, directly from the users’ computers, even strong password wouldn’t help. Not letting your web browser remember your passwords might have.

Leakedsource also released a list of the most popular email domains among the leaked accounts:

Rank

Email Domain

Frequency

1

@mail.ru

5,028,220

2

@yahoo.com

4,714,314

3

@hotmail.com

4,520,434

4

@gmail.com

3,302,205

5

@yandex.ru

1,020,757

6

@aol.com

586,661

7

@rambler.ru

428,084

8

@bk.ru

374,855

9

@list.ru

291,403

10

@inbox.ru

260,957

11

@hotmail.fr

196,206

12

@hotmail.co.uk

193,357

13

@msn.com

188,220

14

@live.com

163,167

15

@comcast.net

145,737

16

@yahoo.co.uk

104,183

17

@ymail.com

99,358

18

@yahoo.fr

85,964

19

@sbcglobal.net

84,830

20

@ukr.net

78,879

21

@yahoo.co.in

72,953

22

@web.de

67,010

23

@yahoo.co.id

62,247

24

@libero.it

60,294

25

@ya.ru

57,080

26

@naver.com

50,417

27

@hotmail.it

48,639

28

@live.fr

48,179

29

@gmx.de

47,117

30

@rocketmail.com

46,162

31

@cox.net

43,500

32

@bellsouth.net

42,586

33

@hotmail.de

39,703

34

@rediffmail.com

38,585

35

@yahoo.com.br

36,880

36

@att.net

35,654

37

@live.co.uk

35,624

38

@verizon.net

33,651

39

@btinternet.com

31,914

40

@yahoo.de

27,588

41

@inbox.lv

26,478

42

@aim.com

26,325

43

@googlemail.com

25,507

44

@i.ua

24,779

45

@earthlink.net

23,475