Twitter has been forced to lock around 33 million accounts after their security details were posted online for sale.The accounts were breached by Russian hackers and posted on to ‘the dark web’ – a web service that requires specific advanced software to access. The hack was made public by security firm LeakedSource.
According to Michael Coates, Twitter’s trust and information security officer, the social networking site is “confident the information was not obtained from a hack of Twitter’s servers.”
Rather, the usernames and passwords were stolen from email accounts and other social networking sites, such as LinkedIn and MySpace.
“Regardless of origin, we’re acting swiftly to protect your Twitter account,” Mr Coates said.Twitter quickly responded to the breach by cross-checking the details of 32,888,300 records with its user database. It immediately locked any Twitter accounts it believed were vulnerable.
The social networking service guaranteed: “If your Twitter information was impacted by any of the recent issues – because of password disclosures from other companies or the leak on the ‘dark web’– then you have already received an email that your account password must be reset.”
“Your account won’t be accessible until you do so, to ensure that unauthorized individuals don’t have access.”
LeakedSource explained the breach was caused by computers infected with malware that “sent every saved username and password from browsers like Chrome and Firefox back to the hackers from all websites including Twitter”.The security website observed the most common password affected by the breach was ‘123456’, followed by ‘123456789’ – ‘qwerty’ and ‘password’ were third and fourth respectively.It also showed that Russian cyber-surfers were the worst affected.
Speaking to Ars Technica, security researcher Troy Hunt said: “I’m highly sceptical that there’s a trove of 32 million accounts with legitimate credentials for Twitter.
“The likelihood of that many records being obtained independently of a data breach and them being usable against active Twitter accounts is extremely low.”Just this week, Facebook founder Mark Zuckerberg had his Twitter and Pinterest accounts hacked after hackers used a password obtained from a LinkedIn breach in 2012.Twitter warned that to prevent your account from being hacked, users should “use a strong password that you don’t reuse on other websites.”