Details of 33 million Twitter accounts hacked and posted online

Twitter security officials said they are 'confident the information was not obtained from a hack of Twitter’s servers'

Jacob Furedi
Friday 10 June 2016 13:25 BST
Security experts said the most common password affected by the breach was '123456'
Twitter has been forced to lock around 33 million accounts after their security details were posted online for sale.

The accounts were breached by Russian hackers and posted on to ‘the dark web’ – a web service that requires specific advanced software to access.

The hack was made public by security firm LeakedSource.

According to Michael Coates, Twitter’s trust and information security officer, the social networking site is “confident the information was not obtained from a hack of Twitter’s servers.”

Rather, the usernames and passwords were stolen from email accounts and other social networking sites, such as LinkedIn and MySpace.

“Regardless of origin, we’re acting swiftly to protect your Twitter account,” Mr Coates said.

Twitter quickly responded to the breach by cross-checking the details of 32,888,300 records with its user database. It immediately locked any Twitter accounts it believed were vulnerable.

The social networking service guaranteed: “If your Twitter information was impacted by any of the recent issues – because of password disclosures from other companies or the leak on the ‘dark web’ – then you have already received an email that your account password must be reset.”

“Your account won’t be accessible until you do so, to ensure that unauthorized individuals don’t have access.”

LeakedSource explained the breach was caused by computers infected with malware that “sent every saved username and password from browsers like Chrome and Firefox back to the hackers from all websites including Twitter”.

The security website observed the most common password affected by the breach was ‘123456’, followed by ‘123456789’ – ‘qwerty’ and ‘password’ were third and fourth respectively.

It also showed that Russian cyber-surfers were the worst affected.

Speaking to Ars Technica, security researcher Troy Hunt said: “I'm highly sceptical that there's a trove of 32 million accounts with legitimate credentials for Twitter.

“The likelihood of that many records being obtained independently of a data breach and them being usable against active Twitter accounts is extremely low.”

Just this week, Facebook founder Mark Zuckerberg had his Twitter and Pinterest accounts hacked after hackers used a password obtained from a LinkedIn breach in 2012.

Twitter advised that, to prevent their accounts from being hacked, users should “use a strong password that you don’t reuse on other websites.”
