Twitter Resets Passwords Related To Possible Breach

Image courtesy of Mike Matney

Following reports that the passwords for nearly 33 million Twitter accounts were breached and put up for sale on the dark Web, the social media network has notified potentially affected users and reset their passwords. 

Twitter announced the move in a blog post on Friday, noting that it was working to ensure users’ accounts were safe from ne’er-do-wells.

Michael Coates, Trust & Information Security Office for Twitter, says the company has cross-checked the leaked data from each purported hack with its own records.

“As a result, a number of Twitter accounts were identified for extra protection,” he writes. “Accounts with direct password exposure were locked and require a password reset by the account owner.” The company did not specify how many account passwords were reset.

Coates reiterated that the leaked passwords, which were found by LeakedSource earlier this week, did not come from a breach of Twitter’s own systems.

“The purported Twitter [user]names and passwords may have been amassed from combining information from other recent breaches, malware on victim machines that are stealing passwords for all sites, or a combination of both,” Coates says. “Regardless of origin, we’re acting swiftly to protect your Twitter account.”

While the site has taken steps to protect users, it also recommends they take extra precautions such as enabling two-factor authentication login verification, use strong passwords, and consider using a password manager.

“The recent prevalence of data breaches from other websites is challenging for all websites — not just those breached,” Coates wrote. “If a person used the same username and password on multiple sites then attackers could, in some situations, automatically take over their account.”