Advertisement

Twitter 'confident' that 32 million usernames weren't hacked

It was probably just that malware in your browser.

Chris Ratcliffe/Bloomberg via Getty Images

Recently revealed breaches into MySpace and LinkedIn have been followed by someone allegedly selling 32 million leaked Twitter accounts on the dark web. But Twitter spokespeople and the company's information security officer have denied that their security has been compromised, leading some to theorize that info from these accounts was leaked the old-fashioned way: by malware.

A Russian seller with the username "Tessa88" claimed to have the database of usernames, emails and passwords for 32 million accounts, according to ZDNet. The asking price was 10 bitcoins, or about $5,773, as of this writing. The seller noted they acquired the database in 2015 as part of a larger haul of 379 million accounts, far more than Twitter's 310 million monthly users, though that could include dormant ones.

In a prepared statement, a Twitter spokesperson denied that its systems had been hacked, and that the company has "been working to help keep accounts protected by checking our data against what's been shared from recent other password leaks." Twitter's trust and info security officer tweeted last night that the company is confident that its systems weren't breached.

Instead, the accounts were probably acquired by malware that copied passwords and usernames entered while browsing in Chrome or Firefox, according to LeakedSource. After filtering out duplicates, their analysis of the database confirmed 32 million purported accounts.

There's probably no cause for alarm unless your password is weak, said Microsoft regional director and MVP for developer security Troy Hunt: