Twitter resets account login credentials for exposed accounts

Twitter investigated account login credentials recently offered for sale on the dark web, locked the accounts and reset their passwords.

This week a Russian hacker offered for sale more than 32 million Twitter account credentials on the Dark Web.

The alleged Russian hacker offered Twitter account credentials for 10 Bitcoins (over $5,800). In response to the data leak Twitter has reset an unknown number of accounts.

According to Twitter the data weren’t stolen from its systems, instead, they were alleged gathered through a malware-based attack on its users.

“We’ve investigated claims of Twitter @names and passwords available on the “dark web,” and we’re confident the information was not obtained from a hack of Twitter’s servers.” reported Twitter in a blog post.

“The purported Twitter @names and passwords may have been amassed from combining information from other recent breaches, malware on victim machines that are stealing passwords for all sites, or a combination of both. Regardless of origin, we’re acting swiftly to protect your Twitter account.”

The company decided to adopt further security measures to protect accounts whose data are available in the criminal underground. Its experts identified valid login credentials leaked online, then locked the accounts and reset their passwords.

“In each of the recent password disclosures, we cross-checked the data with our records. As a result, a number of Twitter accounts were identified for extra protection. Accounts with direct password exposure were locked and require a password reset by the account owner.”

Twitter also included in the post some recommendations for the protection of the accounts and more in general about the correct use of passwords.

Below the suggestion published in the post:

Enable login verification (e.g. two factor authentication). This is the single best action you can take to increase your account security.
Use a strong password that you don’t reuse on other websites.
Use a password manager such as 1Password or LastPass to make sure you’re using strong, unique passwords everywhere.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Twitter account credentials,data)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.