Linkedin Hacker Claims To Be Selling Millions Of Twitter Logins On Dark Web

The leak, comes days after a number of prominent Twitter accounts got hacked — including those belonging to musician Katy Perry and Drake as well as Facebook’s Mark Zuckerberg.

In a statement, Twitter said it was “confident” that the data did not emerge from a breach of its network, but said it was checking to see if accounts had been compromised by other huge password leaks.

In a recent tweet, the company also said that it periodically checks its data against recent password leaks to ensure that accounts stay secure.

It is not yet clear whether the list is genuine or how it has been compiled, however a breach notification site LeakedSource which received the database from the seller on Wednesday, noted that it was unlikely that Twitter was breached, and pointed to malware as the culprit.

“The explanation for this is that tens of millions of people have become infected by malware, and the malware sent every saved username and password from browsers like Chrome and Firefox back to the hackers from all websites including Twitter,” the company said via a blogpost.

LeakedSource further said that the passwords were likely “stolen directly from consumers, therefore they are in plaintext with no encryption or hashing.” The groups said it did not believe that Twitter stored data in plain-text at the time the data was taken, thought to be around 2014.

“These credentials however are real and valid,” said the group. “The lesson here? It’s not just companies that can be hacked, users need to be careful too.”

Leaked Source added that it had taken steps to verify a small number of the email accounts and passwords in the list were genuine

Security expert Troy Hunt, who runs a website that lets people check if their login names and accounts are in data breaches shared online, expressed some scepticism about the leak.

“Just because we’ve seen some serious breaches recently doesn’t mean we should assume new ones are legit,” he said.

In a separate tweet on Thursday, Twitter chief security officer, Michael Coates, informed users that the company is working with Leaked Source on using credential data in the list to help users.
“We securely store all passwords with bcrypt. We are working with @leakedsource to obtain this info and take additional steps to protect users,” he added.