Everyone likes Twitter. Well, okay, maybe not everyone, but at least 310 million users visit the micro-blogging platform monthly. And now these 310 million have to consider changing their Twitter passwords. This is not because their passwords are as insecure as 123456 or something like that, but because a database of 379 million Twitter accounts with passwords is now being sold on the Darknet.
‘Astrologers proclaimed a month of leaks. The population of leaks doubled.’ If you know what I mean. The announcement about 117 million LinkedIn accounts was shortly followed by the leakage of several hundred million MySpace and Tumblr accounts, then by 100 million VK.com accounts. Now the hacker associated with those leaks, Tessa88, claims to have 379 million Twitter accounts. And they are for sale for just 10 bitcoins, which is about $5,280.
379 million seems to be a bit bigger than Twitter’s monthly audience, but the analysis done by LeakedSource shows that there are in fact a little more than 32 million unique accounts. Yet 32 million is still a big deal.
LeakedSource believes that Twitter is not to blame for the leak, but the users themselves are. It looks like Twitter was not hacked, because the passwords in the database were in plain text, and LeakedSource is sure that Twitter was not storing them in plain text.
So the passwords were probably stolen from browsers infected by some type of malware that was stealing all the credentials it could. Yes, malware is not only about encrypting your girlfriend’s pictures and terrorising hospitals. It’s about collecting huge sets of credentials as well.
Okay, let’s get to the giveaway part. Are you a Twitter user? Then you’d better do the following:
- Change your password. Right now!
- Remember that a password like 123456789 is NOT OK. However, LeakedSource noted that 32,775 accounts in this database used exactly that password. We can help you create a strong and yet easy to memorise password. You can also test out what combinations are the strongest with our Password Checker. It is free and we do not store data. It is just a good educational tool to aid you in creating a strong password.
- Did you re-use your Twitter password on other accounts? Then don’t forget to change those too. That’s how Mark Zuckerberg’s Twitter account was stolen recently: the hackers learned his email and password from the LinkedIn leak and — surprise! — they were the same on Twitter. Yes, that teaches us never to reuse passwords.
- Install a good security solution. Among the other good things, it will protect you from malware that can steal your data. So you won’t find your precious account leaked in a case like this one.