After the millions of MySpace and LinkedIn users’ data was hacked into the past month, now it seems like it’s Twitter’s turn.
A hacker by the name of Tessa88 claimed in an encrypted chat last Tuesday that he has access to a cache containing data of 379 million Twitter accounts, as reported by ZDNet. Later, it was confirmed that he did in fact had access to usernames and passwords, but to only 33 million Twitter accounts. Even then, that accounts for one tenth of Twitter’s monthly active users.
“We are confident that these usernames and credentials were not obtained by a Twitter data breach – our systems have not been breached.”
Twitter seems adamant on its statement that it was not hacked. LeakedSource stated in their blog post that passwords were likely stolen directly from consumers, meaning they were in plain text and did not have any encryption or hashing. They further claimed that is unlikely that Twitter was breached, and the recent spread of malware must have accessed saved usernames and passwords from browsers such as Chrome and Firefox, and sent directly to the hacker.
The hacker is selling passwords for 10 bitcoins (around $5,810) each, on the dark web. Publications claim this is the same hacker that had a hand in the recent LinkedIn and MySpace hacks.
“To help keep people safe and accounts protected, we’ve been checking our data against what’s been shared from recent password leaks.” — Twitter
Among those affected were Facebook CEO Mark Zuckerberg and famous singer Katy Perry. Being the owner of the biggest social media website, and constantly keeping up with security updates, Mark Zuckerberg’s account was breached by a team of hackers called OneMine, and his password was ironically found out to be “dadada”. But there are people much less creative, having passwords such as “12345”, or even “abcdef”. The official account of Tenacious D, a rock band was also breached which resulted in a Jack Black death hoax.