Last week, the Pinterest and Twitter accounts of Facebook CEO Mark Zuckerberg were briefly hacked using details from the LinkedIn breach that happened in 2012; the founder of the world’s biggest social network had reused the password “dadada.”
This time around, Twitter users have become the latest to have their security put at risk, as data including unencrypted passwords for over 32 million accounts is being sold on the dark web for less than $6,000.
According to LeakedSource, the passwords are presented in plain text, meaning they have not been encrypted, and it is much more likely that the credentials were collected as a result of millions of users’ computers being infected with malware.
LeakedSource added that the data is currently being traded on the dark web, though it gives no indication of how much the data is being sold for.
The online hacktivist known as The Jester wrote on his website, “The first indication was the low asking price of 10 Bit Coins (around $5000USD) – after investigation by myself and trusted associates who queried 32 Million records of the alleged TWITTER dump on the LEAKEDSOURCE website the following was deduced.”
“After checking the dump against current Twitter registered emails and two old emails, the alleged TWITTER DB dump is made up of records from the last two previous TUMBLR and LinkedIn breaches. This conclusion was reached because the old addresses twitter registered emails that appeared in the TUMBLR and LINKEDIN breaches appeared and CURRENT Twitter registered email did not.”
The database was given to LeakedSource by a user who goes by the alias “Tessa88@exploit.im,” who also provided the website with over 167 million LinkedIn credentials, 360 million Myspace accounts and, most recently, 171 million details on users of VKontakte (or VK), Russia’s equivalent of Facebook. In total, LeakedSource now has a searchable database of over 1.8 billion stolen records.
Analysis by LeakedSource of the 32,888,300 Twitter records, each of which contains an email address, a username and a visible password, suggests that many of the victims are based in Russia, with mail.ru email addresses being the most prevalent in the leaked data.
Twitter has not officially responded to the latest leak, but Michael Coates, who works on Twitter’s security team, said the company had seen the data and is working with LeakedSource to help protect those customers who are affected.
Users can search the database here to see if they have been affected. Those seeking to add more security to their Twitter account can switch on two-factor authentication, which means anyone trying to log into the account from a new device will need a security code that is sent to the account holder’s phone.
Once again, the list of the most common passwords seen in the data shows a recognizable pattern with the likes of “123456,” “password” and “qwerty” all among the top five, International Business Times reported.