Twitter resets account login credentials for exposed accounts

Twitter investigated account login credentials recently offered for sale on the dark web, locked the accounts and reset their passwords.

This week a Russian hacker offered for sale more than 32 million Twitter account credentials on the Dark Web.

The alleged Russian hacker offered Twitter account credentials for 10 Bitcoins (over $5,800). In response to the data leak Twitter has reset an unknown number of accounts.

According to Twitter the data weren’t stolen from its systems, instead, they were alleged gathered through a malware-based attack on its users.

“We’ve investigated claims of Twitter @names and passwords available on the “dark web,” and we’re confident the information was not obtained from a hack of Twitter’s servers.” reported Twitter in a blog post.

“The purported Twitter @names and passwords may have been amassed from combining information from other recent breaches, malware on victim machines that are stealing passwords for all sites, or a combination of both. Regardless of origin, we’re acting swiftly to protect your Twitter account.”

The company decided to adopt further security measures to protect accounts whose data are available in the criminal underground. Its experts identified valid login credentials leaked online, then locked the accounts and reset their passwords.

“In each of the recent password disclosures, we cross-checked the data with our records. As a result, a number of Twitter accounts were identified for extra protection. Accounts with direct password exposure were locked and require a password reset by the account owner.”

Twitter also included in the post some recommendations for the protection of the accounts and more in general about the correct use of passwords.

Below the suggestion published in the post:

1. Enable login verification (e.g. two factor authentication). This is the single best action you can take to increase your account security.
2. Use a strong password that you don’t reuse on other websites.
3. Use a password manager such as 1Password or LastPass to make sure you’re using strong, unique passwords everywhere.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Twitter account credentials,data)