On Thursday, unconfirmed reports emerged that over 32 million Twitter accounts were hacked and their passwords leaked. In response, the social media company has been forced to lock millions of users' accounts after their details were posted for sale on the dark net.
According to the company, the information was not obtained directly through a hack of their servers. Rather, the account information may have been collected through other recent breaches, malware designed to steal users’ passwords, or a combination of the two.
“We have very strong evidence that Twitter was not hacked, rather the consumer was,” LeakedSource wrote in a blog post.
Twitter locking accounts to be safe
“In each of the recent password disclosures, we cross-checked the data with our records,” said Michael Coates, Twitter’s Trust & Information Security Officer, in a blog post on Friday. “As a result, a number of Twitter accounts were identified for extra protection. Accounts with direct password exposure were locked and require a password reset by the account owner.”
Rumors of the breach began circulating on Wednesday night when LeakedSource, a website that alerts subscribers to potential security breaches in their online accounts, wrote in a blog post that they had received a hacked database containing nearly 33 million unique Twitter account details, including emails and passwords. The website obtained the database from a hacker group called “Tessa88,” a group that has also claimed to be connected with previous LinkedIn and Myspace hacks.
Twitter has declined to state exactly how many accounts have been affected by the breach, but the number is believed to be in the millions. The social network has already notified affected users via email, and affected users who did not receive the email will find their accounts locked when they attempt to log in.
Password reuse primary cause
The breach, among others, has been blamed on the widespread reuse of usernames and passwords across a wide variety of websites. Twitter advises users to choose unique passwords and to activate two-step verification, which confirms login attempts using SMS, Twitter app notifications, and similar technologies, in order to protect their accounts more effectively.
The company said, “A number of other online services have seen millions of passwords stolen in the past several weeks. We recommend people use a unique, strong password for Twitter.”