Nearly 33 Million Twitter Passwords May Have Been Leaked

Image courtesy of Tom Raftery

Days after Twitter said that it would investigate a rash of high-profile hackings by checking its data against what’s been shared in recent leaks related to MySpace, Tumblr, and other services, it appears that the passwords for almost 33 million Twitter users were part of a separate hack attack. 

LeakedSource — a search engine for leaked login information — reports that hackers may have used malware to collect more than 32 million Twitter login credentials that have now turned up for sale on the dark web.

In a blog post, LeakedSource says that it obtained a copy of data that included 32,888,300 records, including email addresses, usernames, and passwords, many that appear to be from Russia.

The credentials appear to be valid, as LeakedSource says it contacted 15 users to verify their passwords, with all 15 confirming the information.

According to LeakedSource the data was likely collected by malware infecting browsers rather than directly taken from Twitter.

“The explanation for this is that tens of millions of people have become infected by malware, and the malware sent every saved username and password from browsers like Chrome and Firefox back to the hackers from all websites including Twitter,” the site says, noting that because the passwords appeared in plaintext it was unlikely they came from Twitter, which encrypts that information.

For its part, Twitter tells TechCrunch that its systems haven’t been breached.

“We are confident that these usernames and credentials were not obtained by a Twitter data breach – our systems have not been breached. In fact, we’ve been working to help keep accounts protected by checking our data against what’s been shared from recent other password leaks,” a Twitter spokesperson said.

Twitter’s trust and information security officer, Michael Coates, echoed that feeling in Tweet, noting that he was confident the platform was not compromised.

[via TechCrunch]