Login details of 32 million Twitter accounts may have been leaked in new hack

Twitter may be the latest social media network to have fallen victim to a hack after the login credentials of 32 million Twitter users appeared online.

The news of the hack was released in a blog post by LeakedSource, which hosts a search engine of leaked usernames and passwords on its site. The site received the Twitter user information from “Tessa88@exploit.im” which was also responsible for releasing data from the Russian social network VK just last week.

In total, the cache that LeakedSource received from the alias contained Twitter data containing 32,888,300 records. The data included the email addresses, usernames and passwords of all 32 million users of the social media network.

It is currently believed that the data was acquired through the use of malware that infected users' browsers since many of the passwords were displayed in plaintext. While this leak could potentially cause a great deal of damage to Twitter, the company will be able to shed some of the responsibility since the user data was not stolen directly from its site. Of the 32 million users whose data was leaked, a majority of them appear to be from Russia with six of the top 10 email domains found within the database being of Russian origin including mail.ru and yandex.ru.

Despite the fact that LeakedSoruce was able to verify the validity of the leaked data by having 15 users correctly verify their passwords, Twitter is denying that its systems were breached and a spokesperson for the company said: “We are confident that these usernames and credentials were not obtained by a Twitter data breach – our systems have not been breached. In fact, we’ve been working to help keep accounts protected by checking our data against what’s been shared from recent other password leaks”

Richard Paris, CEO of Intercede, stressed the need for both consumers and businesses to rethink the current state of usernames and passwords: “Whether or not the latest prolific data breach on Twitter is a fault of the social media platform, malware in browsers, or some other issue, this once again gives rise to the fact that passwords and usernames need to be consigned to the dusty archives of yesteryear. Today, online platforms hold masses of sensitive personal data about millions of consumers, and should not be relying on outdated password authentication which is no longer fit for purpose to protect this valuable information.

“There are already much more sophisticated and robust alternatives to simple password authentication available – these companies need to sit up and take notice. They are on the back foot dealing with the aftermath of data breaches, whereas they should be focusing on making sure the breaches don’t happen in the first place. The future of online security relies on a much more proactive stance; embedding measures into the very fabric of technology we use in our everyday lives, from the silicon chips used in smartphones, to the apps and services these sites offer. If not, will large-scale data breaches ever be a thing of the past?”

Even if the leaked Twitter credentials turn out to not be authentic, this security breach and the ones that have occurred at a more regular rate are a constant reminder to differentiate passwords between sites and to consistently update your passwords on a regular basis.

Image Credit: Fotos593 / Shutterstock