Twitter begins locking accounts as 32 million passwords appear for sale on the dark web
Twitter has reacted to reports that 32 million Twitter login details have been put up for sale on the dark web by locking some accounts.
In a post on its official blog, the company wrote:
We’ve investigated claims of Twitter @names and passwords available on the “dark web,” and we’re confident the information was not obtained from a hack of Twitter’s servers. The purported Twitter @names and passwords may have been amassed from combining information from other recent breaches, malware on victim machines that are stealing passwords for all sites, or a combination of both. Regardless of origin, we’re acting swiftly to protect your Twitter account. In each of the recent password disclosures, we cross-checked the data with our records. As a result, a number of Twitter accounts were identified for extra protection. Accounts with direct password exposure were locked and require a password reset by the account owner.
According to the company, users whose accounts have been locked must reset their user information, and an email has been sent to them explaining how to do that.
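The cross-check described in Twitter's statement can be illustrated as follows. This is an added example, not code from Twitter or the original article: it tests each leaked username/password pair against salted password hashes and locks only the accounts whose leaked password actually matches. The PBKDF2 storage scheme, the account-store layout, the "direct"/"listed" labels and all sample data are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor, chosen for this example only

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def make_record(password):
    salt = os.urandom(16)  # per-account salt, so dump entries must be hashed per account
    return {"salt": salt, "hash": hash_password(password, salt), "locked": False}

def cross_check(accounts, leaked_pairs):
    """Map each known account in the dump to 'direct' (leaked password is the
    current one) or 'listed' (name appears, but the password does not match)."""
    findings = {}
    for name, leaked_pw in leaked_pairs:
        key = name.lstrip("@").lower()  # normalise "@Name" and case
        record = accounts.get(key)
        if record is None:
            continue  # dump entry does not correspond to one of our accounts
        candidate = hash_password(leaked_pw, record["salt"])
        if hmac.compare_digest(candidate, record["hash"]):
            findings[key] = "direct"  # a match always wins over 'listed'
        else:
            findings.setdefault(key, "listed")
    return findings

def apply_protection(accounts, findings):
    """Lock accounts with direct password exposure; return their names."""
    locked = sorted(n for n, status in findings.items() if status == "direct")
    for name in locked:
        accounts[name]["locked"] = True  # owner must reset the password
    return locked

# Constructed sample data: a tiny account store and a fake credential dump.
ACCOUNTS = {
    "alice": make_record("correct horse battery staple"),
    "bob": make_record("hunter2"),
    "carol": make_record("S3parate-and-long!"),
}
LEAKED = [("@Bob", "hunter2"), ("carol", "password1"),
          ("mallory", "letmein"), ("bob", "oldpassword")]

if __name__ == "__main__":
    found = cross_check(ACCOUNTS, LEAKED)
    print(found, apply_protection(ACCOUNTS, found))
```

Accounts marked "listed" are not locked here; they are the candidates for lighter-weight extra protection, since their name circulates in a dump even though the leaked password is not the current one.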
The spate of recent breaches calls for extra security measures on online accounts. Last week, it was reported that hundreds of millions of Myspace and Tumblr credentials were put up for sale. Last weekend, Mark Zuckerberg’s Twitter account was breached when some infiltrators gained access through a password he used for his LinkedIn account. The password, “dadada”, was exposed when LinkedIn’s database was hacked in 2012. And in May, a Russian hacker claimed to have 117 million LinkedIn accounts available for just 5 bitcoins ($2,200).
Twitter went on to advise its users in its blog post that a compromise on one site can result in access to another.
Attackers mine the exposed username, email and password data, leverage automation, and then attempt to automatically test this login data and passwords against all top websites. If a person used the same username and password on multiple sites then attackers could, in some situations, automatically take over their account.
As a precautionary measure, it is advisable not to use weak passwords or to reuse the same password across several accounts. It is also necessary to change passwords regularly and to implement multiple security measures where applicable.