Details of 33 million Twitter accounts hacked and posted online

Twitter security officials said they are 'confident the information was not obtained from a hack of Twitter’s servers'

Jacob Furedi
Friday 10 June 2016 13:25
Security experts said the most common password affected by the breach was '123456'

Twitter has been forced to lock around 33 million accounts after their security details were posted online for sale.

The accounts were breached by Russian hackers and posted on to ‘the dark web’ – a web service that requires specific advanced software to access.

The hack was made public by security firm LeakedSource.

According to Michael Coates, Twitter’s trust and information security officer, the social networking site is “confident the information was not obtained from a hack of Twitter’s servers.”

Rather, the usernames and passwords were stolen from email accounts and other social networking sites, such as LinkedIn and MySpace.

“Regardless of origin, we’re acting swiftly to protect your Twitter account,” Mr Coates said.

Twitter quickly responded to the breach by cross-checking the details of 32,888,300 records with its user database. It immediately locked any Twitter accounts it believed were vulnerable.

The social networking service guaranteed: “If your Twitter information was impacted by any of the recent issues – because of password disclosures from other companies or the leak on the ‘dark web’ – then you have already received an email that your account password must be reset.”

“Your account won’t be accessible until you do so, to ensure that unauthorized individuals don’t have access.”

LeakedSource explained the breach was caused by computers infected with malware that “sent every saved username and password from browsers like Chrome and Firefox back to the hackers from all websites including Twitter”.

The security website observed the most common password affected by the breach was ‘123456’, followed by ‘123456789’ – ‘qwerty’ and ‘password’ were third and fourth respectively.

It also showed that Russian cyber-surfers were the worst affected.

Speaking to Ars Technica, security researcher Troy Hunt said: “I'm highly sceptical that there's a trove of 32 million accounts with legitimate credentials for Twitter.

“The likelihood of that many records being obtained independently of a data breach and them being usable against active Twitter accounts is extremely low.”

Just this week, Facebook founder Mark Zuckerberg had his Twitter and Pinterest accounts hacked after hackers used a password obtained from a LinkedIn breach in 2012.

Twitter warned that, to prevent their accounts from being hacked, users should “use a strong password that you don’t reuse on other websites.”
